Laptop suddenly very slow [Solved]


  • This topic is locked

#1
gianky

    New Member

  • Member
  • 8 posts
Hi! I am a newbie about computers and do not know how to fix my laptop. Suddenly, actually since 3 days ago, it became very slow to start up: it takes about 10 minutes before I can start to use it properly: the hard disk keeps on working and I am not able to open any application. When I can finally start to use the laptop after some time the hard disk starts again to work continuously for about 5 minutes meanwhile I am not able to use the computer.
Can someone tell me what happens: everything was perfect until 3 days ago.

I have used OTL and run a scan. Do I have to post the logfile?

Thanks in advance for the answers and for the help.

Gianky

#2
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now! It isn't always a quick & easy fix to remove malware but if you'll stick with me, I'll stick with you until your computer is clean. Throughout this process you may want to print instructions in case you lose internet access unless you have another way to access them aside from the infected computer. Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)


After running OTL you should have two files, OTL.txt and Extras.txt. They should be saved in the same place you saved OTL. If you could please post both of these I'll get started analyzing them to determine the best plan of action to get your computer running properly again. :)

#3
gianky

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for offering me help.
Here are the log files I got after running OTL.


OTL logfile created on: 11/3/2012 10:15:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.21% Memory free
7.49 Gb Paging File | 5.98 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 129.93 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive D: | 700.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTINA-PC | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 10:14:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
PRC - [2012/10/27 21:27:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/27 07:48:20 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2011/05/29 15:24:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
PRC - [2010/03/26 15:10:22 | 000,136,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\UIExec.exe
PRC - [2010/03/26 15:04:02 | 000,251,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\AssistantServices.exe
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/09 00:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 19:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/25 02:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/25 02:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 21:27:54 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/27 07:48:19 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2010/03/26 15:10:22 | 000,136,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\UIExec.exe
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/17 15:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/06 04:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/10/27 21:27:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/26 15:04:02 | 000,251,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/27 19:19:14 | 000,310,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/05/27 19:19:07 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/20 19:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/03/17 18:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/17 14:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/08 14:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/21 12:51:08 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/22 10:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/10/29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/08/23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1m5t56l2n673
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z1m5t56l2n673
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1m5t56l2n673
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z1m5t56l2n673
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1m5t56l2n673
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_daDK410
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://homepage.acer...4z1m5t56l2n673"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/23 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/23 15:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 21:27:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 21:27:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/01/09 17:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Extensions
[2012/10/24 19:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Firefox\Profiles\9ript0bt.default\extensions
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/27 21:27:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/01 19:19:26 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/09/01 19:19:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/01 19:19:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Mobile Broadband\UIExec.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90AA18A7-6682-45F4-B2B9-D9B7AE8CA842}: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B848DD1C-CFA9-43B8-9463-9EB4F100773B}: DhcpNameServer = 192.168.1.5 192.168.1.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 10:14:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2012/11/02 15:16:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/11/02 15:03:31 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{0E28BAAF-8253-4DA8-BDAD-2FE70E36FCF9}
[2012/11/01 19:45:57 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{43C19FA5-D615-4A9C-8DF3-AF573A4DB444}
[2012/10/31 21:02:19 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2012/10/31 14:57:08 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2A6AD43E-4153-47DA-9D3D-48D42468EBAA}
[2012/10/30 16:44:03 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{65217133-D2E1-40C2-A2F9-CA98FA053A8F}
[2012/10/29 14:10:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{42871F74-9D97-4AE0-B1D7-700672B4DCF3}
[2012/10/28 08:23:50 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{E78C02FE-444B-4732-B617-B4EC202D9A63}
[2012/10/27 21:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/27 09:19:44 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2CF8A140-656B-4C38-9D60-99AF39D151B7}
[2012/10/26 13:43:22 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{B506794B-60A6-4141-950E-C064954AD3C0}
[2012/10/25 17:22:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{A99EE24E-D403-417A-BF36-B4DF73636914}
[2012/10/24 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{6DF2D965-9AE4-4230-AD6C-A709A0D9C7C3}
[2012/10/23 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{AEBB5559-8BE3-40DE-A906-E432AE5DC5C6}
[2012/10/22 18:28:31 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9AA6D6D2-190D-4B67-904C-43F99EE57CD6}
[2012/10/21 08:33:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{1EE67204-600A-472D-9BA8-B95AA7E09A8C}
[2012/10/20 08:15:56 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3AE5AC02-7C7F-45F1-9DC1-244547111549}
[2012/10/19 22:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/19 22:06:31 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/10/19 22:06:31 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/10/19 22:06:31 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/10/19 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{4D4835CC-691C-4D03-B935-F4FB4101C652}
[2012/10/18 07:34:14 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{18B62421-DB32-4007-89D4-4166132243F9}
[2012/10/17 13:54:23 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{861AA21C-E258-42E7-BB60-15AFC581FEAA}
[2012/10/16 16:01:21 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{EC29A477-6EAD-45E0-A489-F9D05EABD9C7}
[2012/10/15 17:24:29 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{B8A15853-B035-48D4-9916-8395624E1A44}
[2012/10/15 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{F95CCB2A-8100-4E03-9C1D-A654C4084F42}
[2012/10/14 09:42:46 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9B12FE21-5151-4EC2-886B-383B4C107CD6}
[2012/10/13 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2012/10/13 14:11:52 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{362A23EE-BF55-4E39-8CF1-A6D2C18A56D9}
[2012/10/12 17:31:16 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{A496A58A-CC9E-4560-8FE9-48CE52D8196D}
[2012/10/12 09:28:18 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{38BB0A9A-5612-4D7C-8864-E2ADEF43029A}
[2012/10/11 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{AADBECA8-7454-45C4-8C33-CE8F2409598A}
[2012/10/10 12:00:44 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 12:00:42 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 12:00:41 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 12:00:31 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 12:00:31 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 12:00:31 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 12:00:30 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 12:00:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 12:00:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 12:00:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 12:00:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 12:00:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 12:00:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 12:00:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 12:00:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 12:00:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 12:00:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 12:00:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 12:00:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 12:00:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 12:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 12:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 12:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 12:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 12:00:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 12:00:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 12:00:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 12:00:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 12:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 12:00:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 12:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 12:00:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 12:00:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 12:00:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 12:00:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 12:00:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 12:00:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 12:00:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 12:00:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 12:00:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 12:00:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 12:00:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 12:00:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 12:00:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 12:00:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 12:00:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 11:59:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 11:59:14 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 11:59:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/10 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{07D32F8C-CD34-418F-BB81-0059686AB461}
[2012/10/09 15:42:50 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{CBFDF2A7-21BC-4B3D-823E-78B75287CBFA}
[2012/10/08 11:20:56 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{48455019-9AA7-4CFC-8073-8A859AF3C5BA}
[2012/10/07 08:11:54 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{7EF3EDBC-CEDB-4743-9596-FBE9D84DC309}
[2012/10/05 14:25:03 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{414E53E3-2D31-47F7-A499-EB89202917E8}
[2012/10/04 15:29:30 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{F622BC75-CE5B-4CAB-99E5-935670BA1158}

========== Files - Modified Within 30 Days ==========

[2012/11/03 10:14:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2012/11/03 09:54:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/03 09:23:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 09:23:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 09:15:27 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/03 09:15:26 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/11/03 09:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/03 09:15:01 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/02 15:16:28 | 455,654,834 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/30 23:21:17 | 001,277,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/30 23:21:17 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/30 23:21:17 | 000,474,792 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/10/30 23:21:17 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/30 23:21:17 | 000,082,370 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/10/27 21:41:48 | 000,002,052 | ---- | M] () -- C:\Users\Christina\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/26 20:15:26 | 013,879,740 | ---- | M] () -- C:\Users\Christina\Desktop\ipad2_manuale_utente.pdf

========== Files Created - No Company Name ==========

[2012/11/02 15:16:28 | 455,654,834 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/26 20:15:25 | 013,879,740 | ---- | C] () -- C:\Users\Christina\Desktop\ipad2_manuale_utente.pdf
[2012/03/27 19:43:35 | 000,000,000 | ---- | C] () -- C:\Users\Christina\temp.dat
[2011/08/04 12:12:40 | 000,007,680 | ---- | C] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 13:21:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/09 17:45:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/29 12:21:30 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >


And here is the Extras

OTL Extras logfile created on: 11/3/2012 10:15:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.21% Memory free
7.49 Gb Paging File | 5.98 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 129.93 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive D: | 700.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTINA-PC | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067152F4-16B2-4A13-910E-635BA516ED97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{096283AB-2516-46DE-AD78-32F0DE6F6A63}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A5DBF22-EF4A-4422-A867-5AEC0074C731}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0AC58C62-3C1D-42CB-A3B3-D4452EA9AA09}" = lport=445 | protocol=6 | dir=in | app=system |
"{0EF5337C-8ED3-4CF1-BE56-EE63E6590564}" = rport=139 | protocol=6 | dir=out | app=system |
"{0FFBA36F-6B35-4DF7-B163-312209CB1E56}" = rport=10243 | protocol=6 | dir=out | app=system |
"{12D20BAC-C7CA-431B-A4B8-089DB6DFC589}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{163E442B-0FBC-45E7-BE0F-579062C370B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4475F573-2911-4CCC-88A8-E57D453E1B19}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B1937BA-1DEF-472E-9810-1A3B171E91A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5D8105E4-BB31-4208-B5B2-44EFE119C614}" = lport=10243 | protocol=6 | dir=in | app=system |
"{613CE813-32AD-46F5-81C7-B3CDBB746E95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B23E05B-B020-404B-928A-EF71800AE7C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FBF2AC6-EA08-4259-9BD2-1A2AE048D4C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B690632-9D26-41BF-BE6E-043DBC4B0EF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{981B218E-A676-4D6F-8898-B67D7B4CCA14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B56F82F-060F-4105-B715-D27C5EDF8157}" = rport=137 | protocol=17 | dir=out | app=system |
"{ACF55815-984E-476C-AB12-A5802F2D07FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B39CEB0B-6154-4AEB-880B-ABA973EE9B4F}" = lport=138 | protocol=17 | dir=in | app=system |
"{B7FB28FE-0586-4BBF-BB8C-5376A464C4E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B987B9AB-C0F9-4031-A2FD-AE294C3231AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C681B1C0-26A9-4CD0-842A-F674AABEB55C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C683D74F-5F58-48CC-ADC6-9C9C5E291913}" = lport=137 | protocol=17 | dir=in | app=system |
"{D046CF35-15A0-402F-9EC1-B1BC56408B69}" = rport=445 | protocol=6 | dir=out | app=system |
"{F937433C-51E0-4C7A-A1AC-75D3AB6B7AC1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FCEAF940-F980-4996-AF12-1DCB0384281B}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A389F0-02F6-4C97-AAAE-1C0395C0D32A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{02286A4F-574C-4404-8A84-F100E529DFAB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{028DC257-1277-44E6-8D11-EA7FB01C0651}" = protocol=58 | dir=out | [email protected],-28546 |
"{0FA1AF8F-BFEE-4200-B5F2-D1861C4033A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11338AFF-2315-47D2-859C-ADC1D32D42EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{149E11AF-CFCA-4F4D-B2DA-3EC076E19BAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18C52851-3A05-4AF7-88D2-B51EABD9CF40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1F725DEF-A2F9-4295-9100-FFF9F50CF31D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{284E52E2-2B7D-43DD-8923-05DD8CC6121C}" = protocol=6 | dir=out | app=system |
"{3BD0AA66-B33F-4AEF-9108-31304C312403}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44E9B4C2-CCEB-4B6A-BB68-DA95FC5EFABC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46CDBA68-A568-4362-BFA0-4E8081539903}" = protocol=1 | dir=out | [email protected],-28544 |
"{4D04C660-F554-4292-BC43-D2AACB37E31A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5F1D3F56-316B-457B-8D78-B6E45DEBDA23}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{62EDDEB5-9E40-4716-8ED2-9EFD897DEF9C}" = protocol=58 | dir=in | [email protected],-28545 |
"{6DD52CE6-B708-4C0A-8C34-5B8E67262D5F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{74371C15-DEB5-4ADA-9EEC-4CC7DCF6F81C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7B245A2D-D5DD-4D01-A17A-9D67EB096EC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BB33CBB-B088-49BC-A7E4-F81D78D32A83}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8D2D538E-0089-41BF-A7AA-A8742C8159C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9D370FBB-D1F3-4A96-BF01-10A3B55F04CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F944B63-6E92-4EC2-8719-70C77C8EBA0E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A04A3015-BC83-43EC-BC4D-0786DC55CD52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4E16EB9-E674-48F4-9E17-30E2494B9944}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ACB920C6-E5DD-4A6D-AFBF-8BE02ACF2C44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF5456FA-C003-4FE7-97AC-09793CA77C4D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B25363E6-7287-4B54-AF66-0E59CC3CC148}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B8A18502-93BA-429F-AB90-12086DD9E983}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF1D366F-A331-4659-9F30-C2A2224DFCCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3141EDE-1236-4F5B-B8F2-1806E5981D32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D65ADAAF-C932-4F5D-A7E1-777130182829}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E0C19772-1BA7-42B7-8B7D-4F2955309592}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FC48A15B-DAD9-408A-9E6D-3F162B490E62}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{0D248E87-5ADD-45FF-8577-46694D85743B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{141D496B-5F69-420A-9A91-59C453016D34}D:\grand prix 3\gp3.icd" = protocol=6 | dir=in | app=d:\grand prix 3\gp3.icd |
"TCP Query User{A80C882D-6CF9-406A-8926-5DDDACE3B593}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{B9E7FA70-330E-4644-8C50-23F90D04434E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{E6D1C3B6-E90B-4229-B2FC-4275E55A90CD}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{E85FA949-FEA4-4C47-9EAB-DD55B07A4F8A}C:\program files (x86)\infogrames\grand prix 4\gp4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\infogrames\grand prix 4\gp4.exe |
"UDP Query User{0D5D9430-6F66-40CB-8F53-CDF90E64C4E5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{607CC712-7534-4EC4-8BE5-16FBE023A848}C:\program files (x86)\infogrames\grand prix 4\gp4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\infogrames\grand prix 4\gp4.exe |
"UDP Query User{967B7A4F-05DE-447B-AEA9-CF1BB3906B16}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{AF6C3346-1D50-452D-839B-4C0F71224F92}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{C65883DD-0949-4CF5-8A2A-DEA786C3E147}D:\grand prix 3\gp3.icd" = protocol=17 | dir=in | app=d:\grand prix 3\gp3.icd |
"UDP Query User{CE1B124D-9FBA-4E3E-BB9D-51C56F1BF170}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{42281103-DF49-8A45-C960-977096F29F45}" = ccc-utility64
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6F43CF39-8B2F-546B-57E3-4803E935C465}" = ATI Catalyst Install Manager
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0406-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Danish) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE6D49CE-ED18-47E1-8449-037BC7181450}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{F83E9BF0-B8D8-3D68-9E07-7505290C2202}" = Microsoft .NET Framework 4 Client Profile DAN Language Pack
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DAN Language Pack" = Microsoft .NET Framework 4 Client Profile DAN sprogpakke
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio
"{15424D99-B708-54FD-94EC-997BE1976918}" = CCC Help Japanese
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DCEE28F-CEDA-ADBA-DE41-1377ADD42DD3}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2552055A-7121-346E-F287-C0E7CC1BB36E}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{327AD686-FD94-F270-C0C9-D379ACC3CCA3}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3CABCB73-0ABE-9578-A11C-6888ECF5D6D7}" = CCC Help Portuguese
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3DCF232A-B152-4375-B840-F19D866A316D}" = Catalyst Control Center Graphics Full New
"{3F34DE3B-887D-72A9-FCFE-2676B2EDBE67}" = CCC Help Thai
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{45A2D49C-8124-4015-A8B3-073A827EC5C1}" = Windows Live Sync
"{45FFEC16-0615-47E2-8B70-CBAFD31D820C}" = Angry Birds Space
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{5B30D670-AA94-3DAC-965D-CA8FED631DA3}" = Catalyst Control Center Graphics Previews Common
"{5F65AB3C-FCF3-E10B-3203-26F3C133F036}" = CCC Help Chinese Standard
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64CFDAC9-C358-88FE-E0E3-B33ED5C8AB2C}" = CCC Help Norwegian
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{702A9675-C93C-6914-7B90-8056525349A7}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7661AFE4-1F7A-8B5C-D395-3A8B682F106A}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77D3B22B-CB40-19AE-5A7D-9256E9862010}" = Catalyst Control Center Core Implementation
"{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A555AD4-057E-EB0B-3C2D-82658AA1B190}" = CCC Help English
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81FC1368-171E-4151-E3E1-D63C8CF1F150}" = CCC Help Polish
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85DD738D-6572-53AA-E570-50D0D0842722}" = Catalyst Control Center Graphics Full Existing
"{86141D3B-58F6-D4E9-809E-05032F1C09BE}" = CCC Help Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
"{90120000-0015-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0406-0000-0000000FF1CE}_PROPLUS_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
"{90120000-0016-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0406-0000-0000000FF1CE}_PROPLUS_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0406-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Danish) 2007
"{90120000-0017-0406-0000-0000000FF1CE}_OMUI.da-dk_{6127DAC2-962C-44CA-9ABD-0D5A65473A1C}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
"{90120000-0018-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0406-0000-0000000FF1CE}_PROPLUS_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
"{90120000-0019-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0406-0000-0000000FF1CE}_PROPLUS_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
"{90120000-001A-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0406-0000-0000000FF1CE}_PROPLUS_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
"{90120000-001B-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0406-0000-0000000FF1CE}_PROPLUS_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_OMUI.da-dk_{8F771259-9037-4097-AA88-8613F3BE5627}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0406-0000-0000000FF1CE}_PROPLUS_{8F771259-9037-4097-AA88-8613F3BE5627}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.da-dk_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.da-dk_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0406-0000-0000000FF1CE}" = Kompatibilitetspakke til Office 2007-systemet
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0406-1000-0000000FF1CE}_OMUI.da-dk_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0406-1000-0000000FF1CE}_PROPLUS_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2007
"{90120000-0044-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0406-0000-0000000FF1CE}_PROPLUS_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}_OMUI.da-dk_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0406-0000-0000000FF1CE}_PROPLUS_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2007
"{90120000-00A1-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2007
"{90120000-00BA-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0406-0000-0000000FF1CE}" = Microsoft Office O MUI (Danish) 2007
"{90120000-0100-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0406-0000-0000000FF1CE}" = Microsoft Office X MUI (Danish) 2007
"{90120000-0101-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00AF-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Danish)
"{95140000-007A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97DA45B6-451C-A4B8-897F-106E2B3B6E2F}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A26840C5-95D5-BB10-700A-304AA9F4AF92}" = CCC Help Greek
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A385939C-3DE9-5568-D8B0-3972BA293DC7}" = CCC Help German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobilt Bredbånd
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-1030-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Dansk
"{B238D61F-3EEF-4716-BFEA-9903DEF045D9}" = Microsoft Works
"{B284EA3C-8391-5648-BFC4-800A44D01ADA}" = ccc-core-static
"{B2F1B278-B685-1112-F051-AD05C5946C0D}" = CCC Help French
"{B3A0945A-1A84-BD5C-D33A-F4DC811FCCCC}" = CCC Help Chinese Traditional
"{B4060669-4633-038A-8A50-E05D1F54929E}" = CCC Help Czech
"{BC171806-3828-33E5-289C-9609C5BC59DF}" = Catalyst Control Center Localization All
"{BDE26FB2-E880-BFF9-3A85-18D70FC44D8D}" = Catalyst Control Center InstallProxy
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C31501D8-8267-A455-D269-85FBDBE2BFC3}" = CCC Help Italian
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C75A193A-D403-5707-7D32-166DF4EA47DD}" = CCC Help Spanish
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4905980-7A59-8CE0-1336-EBC0338DAC1B}" = CCC Help Hungarian
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F98098D2-8822-1B1D-6771-945669046216}" = CCC Help Danish
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Dream Day Wedding: Viva Las Vegas" = Dream Day Wedding: Viva Las Vegas
"eMule" = eMule
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"Mozilla Firefox 16.0.2 (x86 da)" = Mozilla Firefox 16.0.2 (x86 da)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.da-dk" = Microsoft Office Language Pack 2007 - Danish/dansk
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Silke" = Silke
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2012 11:22:26 AM | Computer Name = Christina-Pc | Source = Application Error | ID = 1000
Description = Navn på program med fejl: firefox.exe, version: 15.0.1.4631, tidsstempel:
0x5047f9c5 Navn på modul med fejl: xul.dll, version: 15.0.1.4631, tidsstempel: 0x5047f93b
Undtagelseskode:
0xc0000005 Forskydning med fejl 0x0010e567 Proces-id 0x173c Programmets starttidspunkt
0x01cd9f1e64d7d007 Programsti: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Modulsti:
C:\Program Files (x86)\Mozilla Firefox\xul.dll Rapport-id: a37c3fae-0b12-11e2-bc8f-88ae1d1c3ac8

Error - 10/4/2012 5:06:22 PM | Computer Name = Christina-Pc | Source = SideBySide | ID = 16842815
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Der er en fejl i manifestet
eller politikfilen "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
for attributten "version" i elementet "assemblyIdentity" er ugyldig.

Error - 10/6/2012 3:38:54 PM | Computer Name = Christina-Pc | Source = SideBySide | ID = 16842815
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Der er en fejl i manifestet
eller politikfilen "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
for attributten "version" i elementet "assemblyIdentity" er ugyldig.

Error - 10/7/2012 4:17:02 PM | Computer Name = Christina-Pc | Source = Application Error | ID = 1000
Description = Navn på program med fejl: firefox.exe, version: 15.0.1.4631, tidsstempel:
0x5047f9c5 Navn på modul med fejl: xul.dll, version: 15.0.1.4631, tidsstempel: 0x5047f93b
Undtagelseskode:
0xc0000005 Forskydning med fejl 0x0010e567 Proces-id 0x1f48 Programmets starttidspunkt
0x01cda4c8247d305a Programsti: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Modulsti:
C:\Program Files (x86)\Mozilla Firefox\xul.dll Rapport-id: f4112ac6-10bb-11e2-a774-88ae1d1c3ac8

Error - 10/9/2012 2:52:12 PM | Computer Name = Christina-Pc | Source = SideBySide | ID = 16842815
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Der er en fejl i manifestet
eller politikfilen "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
for attributten "version" i elementet "assemblyIdentity" er ugyldig.

Error - 10/11/2012 2:21:28 PM | Computer Name = Christina-Pc | Source = SideBySide | ID = 16842815
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Der er en fejl i manifestet
eller politikfilen "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
for attributten "version" i elementet "assemblyIdentity" er ugyldig.

Error - 10/12/2012 10:28:44 AM | Computer Name = Christina-Pc | Source = SideBySide | ID = 16842815
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Der er en fejl i manifestet
eller politikfilen "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
for attributten "version" i elementet "assemblyIdentity" er ugyldig.

Error - 10/13/2012 12:58:14 PM | Computer Name = Christina-Pc | Source = SideBySide | ID = 16842815
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Der er en fejl i manifestet
eller politikfilen "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
for attributten "version" i elementet "assemblyIdentity" er ugyldig.

Error - 10/15/2012 3:19:13 PM | Computer Name = Christina-Pc | Source = SideBySide | ID = 16842815
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Der er en fejl i manifestet
eller politikfilen "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
for attributten "version" i elementet "assemblyIdentity" er ugyldig.

Error - 10/17/2012 3:31:29 PM | Computer Name = Christina-Pc | Source = SideBySide | ID = 16842815
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Der er en fejl i manifestet
eller politikfilen "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
for attributten "version" i elementet "assemblyIdentity" er ugyldig.

[ System Events ]
Error - 11/3/2012 4:27:28 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 4:27:28 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 4:27:28 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 4:27:28 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 4:27:28 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 4:27:28 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 5:23:15 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 5:23:15 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 5:23:15 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.

Error - 11/3/2012 5:31:14 AM | Computer Name = Christina-Pc | Source = atapi | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Ide\IdePort0.


< End of report >
  • 0

#4
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi,

Thank you for offering me help.


You're welcome!

Step 1
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Step 2

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry with ERUNT
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Compatible with Windows NT, 2000, 2003, XP, Vista, Windows 7, 32 & 64-bit versions.
1. Download ERUNT
2. Double-click erunt_setup.exe to run.
  • Vista and Windows 7 users will need to right click the erunt_setup.exe file and click Run as Administrator. If prompted by Windows UAC, allow it.
3. Follow the prompts and install using the default configuration:
a. Select your preferred Setup language.

b. At the Setup screen click Next.

c. Accept the default destination folder by clicking Next.

d. Accept the default Start Menu Folder by clicking Next.

e. On the Select Additional Tasks Window, click Create ERUNT desktop icon only. Do Not check the Create NTREGOPT desktop icon. Then click Next.

f. Ready to Install. The Create NTREGOPT desktop icon will not be on the list. Click the Install button.

g. Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.

h. Setup has completed. Tick the check boxes to Show documentation, or Launch ERUNT. Click Finish.
4. Click OK to start ERUNT

5. Choose a location for the backup

The default location C:\WINDOWS\ERDNT\[today's date] is preferred

6. The first two check boxes are ticked by default (System registry and Current user registry).
7. Press OK

8. When prompted, click YES to create a new folder.

9. Progress bars will show backup status.

10. A confirmation window will pop up when complete.

11. Click Ok to close.
There is a Readme.txt file in the C:/Program Files/ERUNT folder that explains the program.

Step 3

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_daDK410
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
@Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0

:Commands
[resethosts]
[emptytemp]
[Reboot]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Then, re-run OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Then click the Quick Scan button at the top
  • Let the program run and post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. TDSSKiller Log
2. OTL Fix log
3. New OTL Custom Scan
  • 0
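
A TDSSKiller report like the one requested in the post above runs to hundreds of lines, nearly all of them ending in "- ok". As an added example (not part of the thread, and not a tool from Kaspersky or Geeks to Go), this Python script lists the objects with any other verdict, together with the MD5 and path from the matching hash line. The sample report is constructed in the line format of a TDSSKiller 2.8.15.0 log, with placeholder hashes and hypothetical service names; `triage`, `Finding` and `SAMPLE_REPORT` are this example's own names.

```python
"""Triage a TDSSKiller report: list every object whose verdict is not "ok"."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ <MD5> ] <name> <path>": names may contain spaces, paths start with a drive letter.
_HASH = re.compile(
    _PREFIX + r"\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$"
)
# "<name> - ok" or "<name> ( <verdict> ) - warning".
_STATUS = re.compile(_PREFIX + r"(.+?)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(\w+)$")


@dataclass
class Finding:
    name: str               # service or driver name as written in the report
    status: str             # trailing status word, e.g. "warning"
    verdict: Optional[str]  # text inside the parentheses, if any
    md5: Optional[str]      # from the preceding hash line, if there was one
    path: Optional[str]


def triage(report: str) -> Tuple[List[Finding], int]:
    """Return (objects whose status is not "ok", number of "ok" objects)."""
    hashed: Dict[str, Tuple[str, str]] = {}
    findings: List[Finding] = []
    ok_count = 0
    for raw in report.splitlines():
        line = raw.strip()
        m = _HASH.match(line)
        if m:
            md5, name, path = m.groups()
            hashed[name] = (md5.upper(), path)
            continue
        m = _STATUS.match(line)
        if not m:
            continue  # banners, separators, "detected ..." summary lines
        name, verdict, status = m.groups()
        if status.lower() == "ok":
            ok_count += 1
            continue
        # Some objects are reported without a hash line; keep them with md5=None.
        md5, path = hashed.get(name, (None, None))
        findings.append(Finding(name, status, verdict, md5, path))
    return findings, ok_count


# Constructed sample: placeholder MD5s and hypothetical names, real line layout.
SAMPLE_REPORT = r"""
19:54:02.0047 6400 Scan started
19:54:02.0047 6400 Mode: Manual; SigCheck; TDLFS;
19:54:02.0967 6400 System memory - ok
19:54:03.0466 6400 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
19:54:03.0560 6400 ExampleDrv - ok
19:54:03.0600 6400 NoFileSvc - ok
19:54:04.0496 6400 [ 00000000000000000000000000000002 ] Example Vendor Utility C:\Program Files (x86)\Example\util.exe
19:54:04.0527 6400 Example Vendor Utility ( UnsignedFile.Multi.Generic ) - warning
19:54:04.0527 6400 Example Vendor Utility - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    found, ok = triage(SAMPLE_REPORT)
    print(f"{ok} objects ok, {len(found)} to review")
    for f in found:
        print(f"{f.status}: {f.name} ({f.verdict}) md5={f.md5} path={f.path}")
```
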

#5
gianky

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi again!
Here are the things you requested.

1. TDSSKiller Log

19:53:55.0198 6304 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:53:55.0370 6304 ============================================================
19:53:55.0370 6304 Current date / time: 2012/11/04 19:53:55.0370
19:53:55.0370 6304 SystemInfo:
19:53:55.0370 6304
19:53:55.0370 6304 OS Version: 6.1.7601 ServicePack: 1.0
19:53:55.0370 6304 Product type: Workstation
19:53:55.0370 6304 ComputerName: CHRISTINA-PC
19:53:55.0370 6304 UserName: Christina
19:53:55.0370 6304 Windows directory: C:\Windows
19:53:55.0370 6304 System windows directory: C:\Windows
19:53:55.0370 6304 Running under WOW64
19:53:55.0370 6304 Processor architecture: Intel x64
19:53:55.0370 6304 Number of processors: 2
19:53:55.0370 6304 Page size: 0x1000
19:53:55.0370 6304 Boot type: Normal boot
19:53:55.0370 6304 ============================================================
19:53:56.0633 6304 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:53:56.0649 6304 ============================================================
19:53:56.0649 6304 \Device\Harddisk0\DR0:
19:53:56.0649 6304 MBR partitions:
19:53:56.0649 6304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C01A24, BlocksNum 0x32FCD
19:53:56.0649 6304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C349F1, BlocksNum 0x1B59077F
19:53:56.0649 6304 ============================================================
19:53:56.0680 6304 C: <-> \Device\Harddisk0\DR0\Partition2
19:53:56.0680 6304 ============================================================
19:53:56.0680 6304 Initialize success
19:53:56.0680 6304 ============================================================
19:54:02.0047 6400 ============================================================
19:54:02.0047 6400 Scan started
19:54:02.0047 6400 Mode: Manual; SigCheck; TDLFS;
19:54:02.0047 6400 ============================================================
19:54:02.0967 6400 ================ Scan system memory ========================
19:54:02.0967 6400 System memory - ok
19:54:02.0967 6400 ================ Scan services =============================
19:54:03.0466 6400 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:54:03.0560 6400 1394ohci - ok
19:54:03.0622 6400 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:54:03.0653 6400 ACPI - ok
19:54:03.0716 6400 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:54:03.0747 6400 AcpiPmi - ok
19:54:03.0903 6400 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:54:03.0919 6400 AdobeARMservice - ok
19:54:03.0965 6400 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:54:03.0997 6400 adp94xx - ok
19:54:04.0028 6400 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:54:04.0059 6400 adpahci - ok
19:54:04.0075 6400 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:54:04.0090 6400 adpu320 - ok
19:54:04.0121 6400 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:54:04.0184 6400 AeLookupSvc - ok
19:54:04.0246 6400 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:54:04.0293 6400 AFD - ok
19:54:04.0340 6400 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:54:04.0371 6400 agp440 - ok
19:54:04.0387 6400 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:54:04.0418 6400 ALG - ok
19:54:04.0449 6400 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:54:04.0465 6400 aliide - ok
19:54:04.0496 6400 [ 53E74B13EEF0E3ED256F4B8028F91274 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:54:04.0527 6400 AMD External Events Utility - ok
19:54:04.0527 6400 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:54:04.0543 6400 amdide - ok
19:54:04.0589 6400 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:54:04.0636 6400 AmdK8 - ok
19:54:04.0839 6400 [ 09A3D41550116E898C4C6F2B941E6D07 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
19:54:04.0979 6400 amdkmdag - ok
19:54:05.0026 6400 [ 5E9D3213040458690EBB61C37EC685BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:54:05.0042 6400 amdkmdap - ok
19:54:05.0073 6400 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:54:05.0120 6400 AmdPPM - ok
19:54:05.0167 6400 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:54:05.0182 6400 amdsata - ok
19:54:05.0213 6400 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:54:05.0229 6400 amdsbs - ok
19:54:05.0245 6400 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:54:05.0276 6400 amdxata - ok
19:54:05.0323 6400 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:54:05.0369 6400 AppID - ok
19:54:05.0401 6400 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:54:05.0447 6400 AppIDSvc - ok
19:54:05.0479 6400 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:54:05.0557 6400 Appinfo - ok
19:54:05.0603 6400 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:54:05.0619 6400 arc - ok
19:54:05.0635 6400 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:54:05.0666 6400 arcsas - ok
19:54:05.0697 6400 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
19:54:05.0744 6400 aswFsBlk - ok
19:54:05.0791 6400 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
19:54:05.0806 6400 aswMonFlt - ok
19:54:05.0853 6400 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
19:54:05.0884 6400 aswRdr - ok
19:54:05.0947 6400 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
19:54:06.0009 6400 aswSnx - ok
19:54:06.0025 6400 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
19:54:06.0040 6400 aswSP - ok
19:54:06.0071 6400 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
19:54:06.0087 6400 aswTdi - ok
19:54:06.0118 6400 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:54:06.0181 6400 AsyncMac - ok
19:54:06.0196 6400 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:54:06.0212 6400 atapi - ok
19:54:06.0274 6400 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
19:54:06.0290 6400 AtiPcie - ok
19:54:06.0368 6400 [ F88EF61BCD43ADDF2C9555430C16CD96 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
19:54:06.0415 6400 atksgt - ok
19:54:06.0649 6400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:54:06.0711 6400 AudioEndpointBuilder - ok
19:54:06.0742 6400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:54:06.0805 6400 AudioSrv - ok
19:54:06.0898 6400 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:54:06.0945 6400 avast! Antivirus - ok
19:54:06.0976 6400 AVFSFilter - ok
19:54:07.0023 6400 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:54:07.0070 6400 AxInstSV - ok
19:54:07.0132 6400 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:54:07.0148 6400 b06bdrv - ok
19:54:07.0210 6400 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:54:07.0226 6400 b57nd60a - ok
19:54:07.0803 6400 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:54:07.0865 6400 BCM43XX - ok
19:54:07.0912 6400 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:54:07.0928 6400 BDESVC - ok
19:54:07.0943 6400 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:54:07.0990 6400 Beep - ok
19:54:08.0084 6400 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:54:08.0162 6400 BFE - ok
19:54:08.0209 6400 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:54:08.0318 6400 BITS - ok
19:54:08.0349 6400 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:54:08.0380 6400 blbdrive - ok
19:54:08.0458 6400 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:54:08.0489 6400 bowser - ok
19:54:08.0505 6400 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:54:08.0521 6400 BrFiltLo - ok
19:54:08.0536 6400 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:54:08.0552 6400 BrFiltUp - ok
19:54:08.0599 6400 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:54:08.0630 6400 Browser - ok
19:54:08.0645 6400 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:54:08.0677 6400 Brserid - ok
19:54:08.0692 6400 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:54:08.0708 6400 BrSerWdm - ok
19:54:08.0723 6400 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:54:08.0739 6400 BrUsbMdm - ok
19:54:08.0755 6400 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:54:08.0770 6400 BrUsbSer - ok
19:54:08.0786 6400 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:54:08.0801 6400 BTHMODEM - ok
19:54:08.0833 6400 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:54:08.0864 6400 bthserv - ok
19:54:08.0895 6400 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:54:08.0926 6400 cdfs - ok
19:54:08.0989 6400 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:54:09.0020 6400 cdrom - ok
19:54:09.0067 6400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:54:09.0145 6400 CertPropSvc - ok
19:54:09.0176 6400 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:54:09.0191 6400 circlass - ok
19:54:09.0223 6400 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:54:09.0254 6400 CLFS - ok
19:54:09.0363 6400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:54:09.0379 6400 clr_optimization_v2.0.50727_32 - ok
19:54:09.0441 6400 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:54:09.0457 6400 clr_optimization_v2.0.50727_64 - ok
19:54:09.0535 6400 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:54:09.0550 6400 clr_optimization_v4.0.30319_32 - ok
19:54:09.0597 6400 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:54:09.0628 6400 clr_optimization_v4.0.30319_64 - ok
19:54:09.0659 6400 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:54:09.0691 6400 CmBatt - ok
19:54:09.0722 6400 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:54:09.0737 6400 cmdide - ok
19:54:09.0784 6400 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:54:09.0815 6400 CNG - ok
19:54:09.0847 6400 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:54:09.0862 6400 Compbatt - ok
19:54:09.0878 6400 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:54:09.0909 6400 CompositeBus - ok
19:54:09.0925 6400 COMSysApp - ok
19:54:09.0956 6400 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:54:09.0971 6400 crcdisk - ok
19:54:10.0018 6400 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:54:10.0034 6400 CryptSvc - ok
19:54:10.0096 6400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:54:10.0159 6400 DcomLaunch - ok
19:54:10.0205 6400 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:54:10.0252 6400 defragsvc - ok
19:54:10.0299 6400 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:54:10.0361 6400 DfsC - ok
19:54:10.0408 6400 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:54:10.0471 6400 Dhcp - ok
19:54:10.0502 6400 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:54:10.0549 6400 discache - ok
19:54:10.0595 6400 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:54:10.0595 6400 Disk - ok
19:54:10.0642 6400 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:54:10.0673 6400 Dnscache - ok
19:54:10.0720 6400 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:54:10.0767 6400 dot3svc - ok
19:54:10.0798 6400 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:54:10.0861 6400 DPS - ok
19:54:10.0892 6400 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:54:10.0907 6400 drmkaud - ok
19:54:11.0001 6400 [ 61E894FE1E9CC720C909E6E343351794 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:54:11.0048 6400 DsiWMIService - ok
19:54:11.0126 6400 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:54:11.0173 6400 DXGKrnl - ok
19:54:11.0219 6400 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:54:11.0329 6400 EapHost - ok
19:54:11.0453 6400 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:54:11.0516 6400 ebdrv - ok
19:54:11.0578 6400 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:54:11.0625 6400 EFS - ok
19:54:11.0719 6400 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:54:11.0781 6400 ehRecvr - ok
19:54:11.0812 6400 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:54:11.0843 6400 ehSched - ok
19:54:11.0906 6400 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:54:11.0953 6400 elxstor - ok
19:54:12.0031 6400 [ 49EEF52BFB986A2B5D70F4EC12637D7B ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
19:54:12.0093 6400 ePowerSvc - ok
19:54:12.0109 6400 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:54:12.0140 6400 ErrDev - ok
19:54:12.0202 6400 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:54:12.0280 6400 EventSystem - ok
19:54:12.0311 6400 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:54:12.0343 6400 exfat - ok
19:54:12.0389 6400 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:54:12.0436 6400 fastfat - ok
19:54:12.0530 6400 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:54:12.0577 6400 Fax - ok
19:54:12.0592 6400 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:54:12.0608 6400 fdc - ok
19:54:12.0655 6400 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:54:12.0717 6400 fdPHost - ok
19:54:12.0733 6400 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:54:12.0764 6400 FDResPub - ok
19:54:12.0811 6400 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:54:12.0826 6400 FileInfo - ok
19:54:12.0842 6400 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:54:12.0889 6400 Filetrace - ok
19:54:12.0904 6400 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:54:12.0920 6400 flpydisk - ok
19:54:12.0982 6400 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:54:13.0013 6400 FltMgr - ok
19:54:13.0091 6400 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:54:13.0123 6400 FontCache - ok
19:54:13.0185 6400 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:54:13.0216 6400 FontCache3.0.0.0 - ok
19:54:13.0247 6400 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:54:13.0247 6400 FsDepends - ok
19:54:13.0294 6400 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:54:13.0310 6400 fssfltr - ok
19:54:13.0419 6400 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:54:13.0466 6400 fsssvc - ok
19:54:13.0513 6400 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:54:13.0544 6400 Fs_Rec - ok
19:54:13.0606 6400 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:54:13.0622 6400 fvevol - ok
19:54:13.0684 6400 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:54:13.0715 6400 gagp30kx - ok
19:54:13.0793 6400 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:54:13.0871 6400 gpsvc - ok
19:54:13.0981 6400 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
19:54:13.0996 6400 GREGService - ok
19:54:14.0105 6400 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:54:14.0137 6400 gupdate - ok
19:54:14.0168 6400 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:54:14.0199 6400 gupdatem - ok
19:54:14.0324 6400 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:54:14.0355 6400 gusvc - ok
19:54:14.0480 6400 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:54:14.0511 6400 hcw85cir - ok
19:54:14.0558 6400 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:54:14.0573 6400 HdAudAddService - ok
19:54:14.0620 6400 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:54:14.0636 6400 HDAudBus - ok
19:54:14.0667 6400 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:54:14.0683 6400 HidBatt - ok
19:54:14.0698 6400 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:54:14.0729 6400 HidBth - ok
19:54:14.0761 6400 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:54:14.0776 6400 HidIr - ok
19:54:14.0807 6400 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:54:14.0870 6400 hidserv - ok
19:54:14.0917 6400 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:54:14.0963 6400 HidUsb - ok
19:54:14.0995 6400 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:54:15.0073 6400 hkmsvc - ok
19:54:15.0119 6400 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:54:15.0151 6400 HomeGroupListener - ok
19:54:15.0197 6400 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:54:15.0229 6400 HomeGroupProvider - ok
19:54:15.0275 6400 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:54:15.0322 6400 HpSAMD - ok
19:54:15.0385 6400 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:54:15.0447 6400 HTTP - ok
19:54:15.0494 6400 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:54:15.0525 6400 hwpolicy - ok
19:54:15.0556 6400 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:54:15.0587 6400 i8042prt - ok
19:54:15.0650 6400 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:54:15.0681 6400 iaStorV - ok
19:54:15.0759 6400 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:54:15.0806 6400 idsvc - ok
19:54:15.0837 6400 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:54:15.0853 6400 iirsp - ok
19:54:15.0915 6400 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:54:16.0009 6400 IKEEXT - ok
19:54:16.0118 6400 [ FEADC18677A85A123E95A9B976101120 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:54:16.0196 6400 IntcAzAudAddService - ok
19:54:16.0243 6400 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:54:16.0258 6400 intelide - ok
19:54:16.0289 6400 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:54:16.0305 6400 intelppm - ok
19:54:16.0336 6400 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:54:16.0399 6400 IPBusEnum - ok
19:54:16.0430 6400 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:54:16.0461 6400 IpFilterDriver - ok
19:54:16.0508 6400 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:54:16.0586 6400 iphlpsvc - ok
19:54:16.0617 6400 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:54:16.0633 6400 IPMIDRV - ok
19:54:38.0239 6400 WPDBusEnum - ok
19:54:38.0270 6400 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:54:38.0332 6400 ws2ifsl - ok
19:54:38.0363 6400 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:54:38.0395 6400 wscsvc - ok
19:54:38.0410 6400 WSearch - ok
19:54:38.0519 6400 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:54:38.0582 6400 wuauserv - ok
19:54:38.0629 6400 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:54:38.0707 6400 WudfPf - ok
19:54:38.0722 6400 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:54:38.0769 6400 WUDFRd - ok
19:54:38.0816 6400 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:54:38.0863 6400 wudfsvc - ok
19:54:38.0909 6400 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:54:38.0941 6400 WwanSvc - ok
19:54:38.0972 6400 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:54:38.0987 6400 ZTEusbmdm6k - ok
19:54:39.0034 6400 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:54:39.0050 6400 ZTEusbnmea - ok
19:54:39.0081 6400 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
19:54:39.0097 6400 ZTEusbser6k - ok
19:54:39.0112 6400 ================ Scan global ===============================
19:54:39.0143 6400 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:54:39.0175 6400 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:54:39.0190 6400 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:54:39.0221 6400 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:54:39.0268 6400 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:54:39.0284 6400 [Global] - ok
19:54:39.0284 6400 ================ Scan MBR ==================================
19:54:39.0299 6400 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:54:40.0173 6400 \Device\Harddisk0\DR0 - ok
19:54:40.0173 6400 ================ Scan VBR ==================================
19:54:40.0173 6400 [ 8082FBA20B4B8A3F7B3843850D7E7472 ] \Device\Harddisk0\DR0\Partition1
19:54:40.0189 6400 \Device\Harddisk0\DR0\Partition1 - ok
19:54:40.0220 6400 [ 0340F85DEC0725E8F959EA3A76DDB6D0 ] \Device\Harddisk0\DR0\Partition2
19:54:40.0220 6400 \Device\Harddisk0\DR0\Partition2 - ok
19:54:40.0235 6400 ============================================================
19:54:40.0235 6400 Scan finished
19:54:40.0235 6400 ============================================================
19:54:40.0251 5824 Detected object count: 3
19:54:40.0251 5824 Actual detected object count: 3
19:54:44.0650 5824 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:44.0650 5824 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:44.0650 5824 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:44.0650 5824 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:44.0650 5824 UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:44.0650 5824 UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

2. OTL Fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {C345E174-3E87-4F41-A01C-B066A90A49B4}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:A724744F deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:814B9485 deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Christina
->Temp folder emptied: 125967478 bytes
->Temporary Internet Files folder emptied: 46609753 bytes
->Java cache emptied: 103133119 bytes
->FireFox cache emptied: 60824397 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 78350 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 280427974 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50517 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 594.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11042012_211500

Files\Folders moved on Reboot...
C:\Users\Christina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache.Trash6256\D\85\17D35d01 not found!
File\Folder C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache.Trash6256\4\4F\14AE2d01 not found!
File\Folder C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache.Trash6256\0\05\B239Dd01 not found!
C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\urlclassifier3.sqlite moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


3. New OTL Custom Scan

OTL logfile created on: 11/4/2012 9:56:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3.75 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 56.75% Memory free
7.49 Gb Paging File | 5.83 Gb Available in Paging File | 77.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 129.59 Gb Free Space | 59.23% Space Free | Partition Type: NTFS
Drive D: | 700.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTINA-PC | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 10:14:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/27 21:27:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 15:24:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/03/26 15:10:22 | 000,136,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\UIExec.exe
PRC - [2010/03/26 15:04:02 | 000,251,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\AssistantServices.exe
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/09 00:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 19:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/25 02:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/25 02:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 21:27:54 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/03/26 15:10:22 | 000,136,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\UIExec.exe
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/17 15:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/06 04:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/10/27 21:27:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/26 15:04:02 | 000,251,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/27 19:19:14 | 000,310,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/05/27 19:19:07 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/20 19:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/03/17 18:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/17 14:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/08 14:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/21 12:51:08 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/22 10:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/10/29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/08/23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1m5t56l2n673
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z1m5t56l2n673
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1m5t56l2n673
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z1m5t56l2n673
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3040131196-3856302357-2302808339-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1m5t56l2n673
IE - HKU\S-1-5-21-3040131196-3856302357-2302808339-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-3040131196-3856302357-2302808339-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3040131196-3856302357-2302808339-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ACAW_daDK410
IE - HKU\S-1-5-21-3040131196-3856302357-2302808339-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://homepage.acer...4z1m5t56l2n673"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/23 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/04 21:48:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 21:27:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 21:27:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/01/09 17:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Extensions
[2012/10/24 19:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Firefox\Profiles\9ript0bt.default\extensions
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/27 21:27:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/01 19:19:26 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/09/01 19:19:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/01 19:19:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2012/11/04 21:15:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-3040131196-3856302357-2302808339-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Mobile Broadband\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90AA18A7-6682-45F4-B2B9-D9B7AE8CA842}: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B848DD1C-CFA9-43B8-9463-9EB4F100773B}: DhcpNameServer = 192.168.1.5 192.168.1.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/04 21:48:10 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{23DA33ED-F863-418E-B9EB-2CBF65564064}
[2012/11/04 21:15:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/04 21:13:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/11/04 21:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/11/04 21:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/11/03 23:11:06 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{A6900561-E790-4455-A2BC-DB6A3C47E677}
[2012/11/03 13:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2012/11/03 10:14:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2012/11/02 15:16:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/11/02 15:03:31 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{0E28BAAF-8253-4DA8-BDAD-2FE70E36FCF9}
[2012/11/01 19:45:57 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{43C19FA5-D615-4A9C-8DF3-AF573A4DB444}
[2012/10/31 14:57:08 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2A6AD43E-4153-47DA-9D3D-48D42468EBAA}
[2012/10/30 16:44:03 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{65217133-D2E1-40C2-A2F9-CA98FA053A8F}
[2012/10/29 14:10:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{42871F74-9D97-4AE0-B1D7-700672B4DCF3}
[2012/10/28 08:23:50 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{E78C02FE-444B-4732-B617-B4EC202D9A63}
[2012/10/27 21:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/27 09:19:44 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2CF8A140-656B-4C38-9D60-99AF39D151B7}
[2012/10/26 13:43:22 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{B506794B-60A6-4141-950E-C064954AD3C0}
[2012/10/25 17:22:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{A99EE24E-D403-417A-BF36-B4DF73636914}
[2012/10/24 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{6DF2D965-9AE4-4230-AD6C-A709A0D9C7C3}
[2012/10/23 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{AEBB5559-8BE3-40DE-A906-E432AE5DC5C6}
[2012/10/22 18:28:31 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9AA6D6D2-190D-4B67-904C-43F99EE57CD6}
[2012/10/21 08:33:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{1EE67204-600A-472D-9BA8-B95AA7E09A8C}
[2012/10/20 08:15:56 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3AE5AC02-7C7F-45F1-9DC1-244547111549}
[2012/10/19 22:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/19 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{4D4835CC-691C-4D03-B935-F4FB4101C652}
[2012/10/18 07:34:14 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{18B62421-DB32-4007-89D4-4166132243F9}
[2012/10/17 13:54:23 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{861AA21C-E258-42E7-BB60-15AFC581FEAA}
[2012/10/16 16:01:21 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{EC29A477-6EAD-45E0-A489-F9D05EABD9C7}
[2012/10/15 17:24:29 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{B8A15853-B035-48D4-9916-8395624E1A44}
[2012/10/15 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{F95CCB2A-8100-4E03-9C1D-A654C4084F42}
[2012/10/14 09:42:46 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9B12FE21-5151-4EC2-886B-383B4C107CD6}
[2012/10/13 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2012/10/13 14:11:52 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{362A23EE-BF55-4E39-8CF1-A6D2C18A56D9}
[2012/10/12 17:31:16 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{A496A58A-CC9E-4560-8FE9-48CE52D8196D}
[2012/10/12 09:28:18 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{38BB0A9A-5612-4D7C-8864-E2ADEF43029A}
[2012/10/11 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{AADBECA8-7454-45C4-8C33-CE8F2409598A}
[2012/10/10 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{07D32F8C-CD34-418F-BB81-0059686AB461}
[2012/10/09 15:42:50 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{CBFDF2A7-21BC-4B3D-823E-78B75287CBFA}
[2012/10/08 11:20:56 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{48455019-9AA7-4CFC-8073-8A859AF3C5BA}
[2012/10/07 08:11:54 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{7EF3EDBC-CEDB-4743-9596-FBE9D84DC309}

========== Files - Modified Within 30 Days ==========

[2012/11/04 21:58:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 21:58:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 21:54:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/04 21:51:40 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/11/04 21:51:30 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/04 21:51:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/04 21:50:55 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 21:50:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/04 21:15:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/11/04 21:11:19 | 000,000,913 | ---- | M] () -- C:\Users\Christina\Desktop\ERUNT.lnk
[2012/11/04 09:45:50 | 001,277,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/04 09:45:50 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/04 09:45:50 | 000,474,792 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/11/04 09:45:50 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/04 09:45:50 | 000,082,370 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/11/03 10:14:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2012/11/02 15:16:28 | 455,654,834 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/27 21:41:48 | 000,002,052 | ---- | M] () -- C:\Users\Christina\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/26 20:15:26 | 013,879,740 | ---- | M] () -- C:\Users\Christina\Desktop\ipad2_manuale_utente.pdf
[2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

========== Files Created - No Company Name ==========

[2012/11/04 21:11:19 | 000,000,913 | ---- | C] () -- C:\Users\Christina\Desktop\ERUNT.lnk
[2012/11/02 15:16:28 | 455,654,834 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/26 20:15:25 | 013,879,740 | ---- | C] () -- C:\Users\Christina\Desktop\ipad2_manuale_utente.pdf
[2012/03/27 19:43:35 | 000,000,000 | ---- | C] () -- C:\Users\Christina\temp.dat
[2011/08/04 12:12:40 | 000,007,680 | ---- | C] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 13:21:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/09 17:45:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/29 12:21:30 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/25 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\eTeks
[2012/06/30 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\MyVideoDownloader
[2012/06/30 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\MyVideoDownloaderHD
[2011/07/18 16:16:17 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\PlayFirst
[2012/09/22 17:44:14 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Rovio
[2011/06/02 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 14:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 14:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 14:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 14:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 14:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 14:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 14:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 14:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 14:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 14:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 14:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 14:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 14:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 14:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 14:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 14:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 14:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 14:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >


< End of report >

#6
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have a few more steps for you. After these please let me know how your laptop is working. :)

Step 1

Your Firewall needs to be reset. Note: Restoring the default settings removes all of the Windows Firewall settings that you've made for all network location types. This might cause some programs that you've previously allowed through the firewall to stop working. After resetting the firewall some programs may need permission again and it's okay to give the programs permission as long as you know what the program is.

  • Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.
  • In the left pane, click Restore defaults. Administrator permission required: If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • In the dialog box that appears, click Restore defaults. At the confirmation prompt, click Yes.

Step 2
~Security Check~

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. Checkup.txt from Security Check
2. How is your laptop doing?

#7
gianky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi there!

The Windows Firewall has been reset and here is the report you requested:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.268 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````




I can say that the laptop is booting very fast now but I still experience the HDD working and working as soon as I try to do something. For example I wanted to open the .txt file I just pasted in this reply and it took about 45 seconds to do that: I don't think that's normal in a healthy computer. Do you think it is related to the HDD that is going down? Or is it the memory?
I would say that after all the laptop is working fine but these "breaks" are quite annoying as I have to wait until the HDD has finished working before starting to do the next process.
Any good advice?

Regards,
Gianky

#8
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
You have several programs that are out of date that need to be updated. Older versions can have vulnerabilities that malware can use to infect your system. First, I have instructions for updating your Java, Adobe Flash Player, and Internet Explorer, then a scan with ComboFix. If your computer is still having the "annoying breaks" after the ComboFix scan, based on the scan, we'll start looking at what else could possibly be causing the "breaks". :)

Step 1
Your Java is out of date.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (64-bit) link to download Java.
  • Run the installer
  • Close JavaRa

Step 2
Your version of Adobe Flash Player is out of date.
  • Go to the Adobe Flash Player Website here.
  • Unless you'd like to install McAfee Security Scan Plus be sure to unclick the box beside it.
  • Click Download Now to download the latest version of Adobe Flash

Step 3
Your version of Internet Explorer is also out of date.
  • Go to the Internet Explorer Website here.
  • Unless you'd like to change to Bing and MSN defaults make sure you unclick the box below Download Internet Explorer 9.
  • Click Download Internet Explorer 9 to download the latest version of Internet Explorer.

Step 4
Download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. ComboFix Log
2. Are you still having the annoying breaks, and is there anything else you notice that is "off" about your computer.

#9
gianky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi!
Java and Adobe Flash player have been updated.
I ran ComboFix but I didn't get a report. Should I try to run it again?

I will keep an eye on the laptop performance today: if I will notice something still annoying I will contact you again.
I want to thank you for your help.

Regards,
Gianky.

#10
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

> I ran ComboFix but I didn't get a report. Should I try to run it again?

If it ran properly the report should be located at C:\COMBOFIX.txt

If there isn't a file there, please try to re-run it and then post the log or let me know that it didn't run. We also have a few more scans we need to do to make sure all the malware is gone.

> I will keep an eye on the laptop performance today: if I will notice something still annoying I will contact you again.
> I want to thank you for your help.


You're very welcome! :)


#11
gianky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I found it!
Here is the Combofix report:




ComboFix 12-11-06.03 - Christina 07-11-2012 19:20:58.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.3835.2461 [GMT 1:00]
Kører fra: C:\Users\Christina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt


((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\FullRemove.exe


((((((((((((((((((((((((((((( Filer skabt fra 2012-10-07 til 2012-11-07 )))))))))))))))))))))))))))))))))))


2012-11-07 18:36:19 . 2012-11-07 18:36:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-11-07 18:23:18 . 2012-11-07 18:23:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ABDE1884-7375-4C97-8E0E-1D028C95099B}\offreg.dll
2012-11-06 18:57:14 . 2012-11-06 18:56:44 916456 ----a-w- C:\Windows\system32\deployJava1.dll
2012-11-06 18:57:14 . 2012-11-06 18:56:44 1034216 ----a-w- C:\Windows\system32\npDeployJava1.dll
2012-11-06 18:57:13 . 2012-11-06 18:56:44 289768 ----a-w- C:\Windows\system32\javaws.exe
2012-11-06 18:56:58 . 2012-11-06 18:56:46 108008 ----a-w- C:\Windows\system32\WindowsAccessBridge-64.dll
2012-11-06 18:56:58 . 2012-11-06 18:56:44 189416 ----a-w- C:\Windows\system32\javaw.exe
2012-11-06 18:56:57 . 2012-11-06 18:56:44 188904 ----a-w- C:\Windows\system32\java.exe
2012-11-06 18:56:42 . 2012-11-06 18:56:42 -------- d-----w- C:\Program Files\Java
2012-11-06 15:51:13 . 2012-10-12 07:19:03 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ABDE1884-7375-4C97-8E0E-1D028C95099B}\mpengine.dll
2012-11-04 20:15:00 . 2012-11-04 20:15:00 -------- d-----w- C:\_OTL
2012-11-04 20:11:18 . 2012-11-04 20:11:20 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-11-03 12:14:19 . 2012-11-03 12:44:21 -------- d-----w- C:\ProgramData\clp
2012-10-31 20:02:19 . 2012-06-27 19:26:47 773968 ----a-w- C:\Windows\system32\msvcr100.dll
2012-10-22 17:28:31 . 2012-10-22 17:28:42 -------- d-----w- C:\Users\Christina\AppData\Local\{9AA6D6D2-190D-4B67-904C-43F99EE57CD6}
2012-10-10 10:59:52 . 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\system32\wintrust.dll
2012-10-10 10:59:51 . 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 10:59:41 . 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\system32\tzres.dll
2012-10-10 10:59:41 . 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 10:59:21 . 2012-08-11 00:56:03 715776 ----a-w- C:\Windows\system32\kerberos.dll
2012-10-10 10:59:21 . 2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 10:59:14 . 2012-06-02 05:41:27 1464320 ----a-w- C:\Windows\system32\crypt32.dll
2012-10-10 10:59:13 . 2012-06-02 04:36:29 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 10:59:12 . 2012-06-02 05:41:28 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
2012-10-10 10:59:12 . 2012-06-02 05:41:28 140288 ----a-w- C:\Windows\system32\cryptnet.dll
2012-10-10 10:59:12 . 2012-06-02 04:36:29 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 10:59:12 . 2012-06-02 04:36:29 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-11-06 18:58:56 . 2012-03-29 06:31:10 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-06 18:58:56 . 2011-06-27 10:45:27 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-30 22:51:56 . 2011-05-08 15:44:29 59728 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-10-30 22:51:55 . 2011-05-08 15:44:35 370288 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-10-30 22:51:55 . 2011-05-08 15:44:27 984144 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:55 . 2011-05-08 15:44:22 71600 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:53 . 2011-05-08 15:44:35 25232 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51:07 . 2011-05-08 15:43:21 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-30 22:50:59 . 2011-05-08 15:43:21 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2012-10-30 22:50:30 . 2011-05-08 15:44:21 285328 ----a-w- C:\Windows\system32\aswBoot.exe
2012-10-15 16:59:28 . 2012-03-15 18:44:58 54072 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2012-10-10 12:21:20 . 2011-05-22 17:59:05 65309168 ----a-w- C:\Windows\system32\MRT.exe
2012-09-24 13:32:24 . 2012-06-16 06:30:21 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32:20 . 2011-07-19 08:15:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 18:05:06 . 2012-09-22 14:45:08 1188864 ----a-w- C:\Windows\system32\wininet.dll
2012-08-24 18:05:05 . 2012-09-22 14:45:10 1494528 ----a-w- C:\Windows\system32\urlmon.dll
2012-08-24 18:05:05 . 2012-09-22 14:45:02 134144 ----a-w- C:\Windows\system32\url.dll
2012-08-24 18:03:41 . 2012-09-22 14:45:23 9056256 ----a-w- C:\Windows\system32\mshtml.dll
2012-08-24 18:03:41 . 2012-09-22 14:45:03 97792 ----a-w- C:\Windows\system32\mshtmled.dll
2012-08-24 18:03:37 . 2012-09-22 14:45:12 735744 ----a-w- C:\Windows\system32\msfeeds.dll
2012-08-24 18:03:01 . 2012-09-22 14:45:02 64512 ----a-w- C:\Windows\system32\jsproxy.dll
2012-08-24 18:02:50 . 2012-09-22 14:45:05 247808 ----a-w- C:\Windows\system32\ieui.dll
2012-08-24 18:02:49 . 2012-09-22 14:45:19 12295680 ----a-w- C:\Windows\system32\ieframe.dll
2012-08-24 18:02:49 . 2012-09-22 14:45:05 2453504 ----a-w- C:\Windows\system32\iertutil.dll
2012-08-24 16:57:48 . 2012-09-22 14:45:08 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30 . 2012-09-22 14:45:01 1638912 ----a-w- C:\Windows\system32\mshtml.tlb
2012-08-24 15:20:39 . 2012-09-22 14:45:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 . 2012-09-12 12:31:47 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-08-22 18:12:40 . 2012-09-12 12:31:56 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-08-22 18:12:40 . 2012-09-12 12:31:47 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-08-22 18:12:33 . 2012-09-12 12:31:46 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 . 2012-09-27 06:29:48 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe
2012-08-20 17:38:44 . 2012-10-10 11:00:29 44032 ----a-w- C:\Windows\apppatch\acwow64.dll


((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))


*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03:52 120176 ----a-w- C:\Program Files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2012-07-13 11:33:24 17418928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 19:08:34 337264]
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 01:44:48 201512]
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 01:45:16 401192]
"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 23:56:38 260608]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-18 04:32:22 98304]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2010-03-03 13:21:16 1300560]
"UIExec"="C:\Program Files (x86)\Mobile Broadband\UIExec.exe" [2010-03-26 14:10:22 136840]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-05-29 14:24:05 273544]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 11:28:36 160944]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Mobile Broadband\AssistantServices.exe [2010-03-26 14:04:02 251016]
R3 AVFSFilter;AVFSFilter;C:\Windows\system32\DRIVERS\avfsfilter.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys [2009-10-29 18:28:24 11776]
R3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 18:04:40 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 00:50:50 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-08 13:57:22 239136]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-17 20:33:01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 02:15:30 22576]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 02:15:30 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 02:15:30 60464]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2010-03-17 14:17:08 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 22:51:55 71600]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 13:21:16 325200]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 03:23:06 865824]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 13:21:22 23584]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 23:58:24 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 00:51:20 144640]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 23:27:36 243232]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-03-20 18:59:08 321064]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 09:26:36 38456]


Indhold af mappen 'Planlagte Opgaver'

2012-11-07 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:31:11 . 2012-11-06 18:58:56]

2012-11-07 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 14:38:02 . 2010-12-20 14:37:54]

2012-11-07 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 14:38:02 . 2010-12-20 14:37:54]

2012-09-22 C:\Windows\Tasks\ReclaimerResumeInstall_Christina.job
- C:\Users\Christina\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-21 21:42:25 . 2012-09-21 21:42:24]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50:24 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06:06 137584 ----a-w- C:\Program Files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 10:16:14 9644576]
"mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 18:05:02 349552]
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 03:23:08 860192]

#12
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi gianky!

How is your computer running now? We have a few more scans to make sure all the remnants of the malware are gone and then if all is still running well I'll give you instructions to clean up my tools. :)

Step 1
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Run ESET online scan.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here

  • You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~

1. Let me know how your computer is doing.
2. Malware Bytes Scan Results
3. Eset Scan Results

#13
gianky

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi there!
I still experience long breaks before I can use the computer properly. The HDD is working for some minutes and I cannot open any application before it finishes its "work", and I do not know what it is loading or searching.
Anyway, here are the log files you requested:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Christina :: CHRISTINA-PC [administrator]

12-11-2012 19:56:54
mbam-log-2012-11-12 (19-56-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202424
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------------
--------------------------------------------------------------

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7c47897ef0c27a43bb2a318850ede12c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-12 09:10:28
# local_time=2012-11-12 10:10:28 (+0100, Rom, normaltid)
# country="Denmark"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 7703 104377239 0 0
# compatibility_mode=8192 67108863 100 0 3757 3757 0 0
# scanned=140485
# found=2
# cleaned=0
# scan_time=7238
C:\Users\Christina\Downloads\dream_day_vegas_v2_aol-dm.exe a variant of Win32/Adware.Trymedia.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Christina\Downloads\slow-pcfighter_Web.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I

#14
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
ESET showed a few things & then I have a few scans to see if we can help with the speed of your computer.

Step 1

OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[CREATERESTOREPOINT]

:Files
C:\Users\Christina\Downloads\dream_day_vegas_v2_aol-dm.exe
C:\Users\Christina\Downloads\slow-pcfighter_Web.exe

:Commands
[emptytemp]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.

Step 2

Please do the following:

  • Click on Start then click on My Computer
  • Right click on the C: drive, scroll down and click on Properties
  • Click on the Tools tab
  • Click on the Check Now... button
  • In the dialog box that opens, place a checkmark in the 2 boxes and click on Start
  • The next dialog box will now show the following
    • Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <Y/N>
    • Type Y and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.

To find the log that is produced, please do the following

  • Reboot the computer.
  • Click on Start then Control Panel
  • In Control Panel click on Administrative Tools
  • Click on Event Viewer
  • Once the Event Viewer opens, in the middle pane, near the bottom under Log Summary, click on Application.
  • Locate the Winlogon entry under the Source column that corresponds with the time that Checkdisk was run.
  • Double click on it and a window will open.
  • Click on Details tab then click on Copy in the lower left of that window to save the data to clipboard and post in your next reply.

Step 3

Go to Computer and right click your hard drive or the partition where Windows has been installed.
Click properties and then click the Tools tab and click Defragment Now.
It may take a couple of hours but a badly defragmented drive could really slow your computer down.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~

1. OTL Fix Log
2. CheckDisk Log
3. Is your computer running any better?

#15
gianky

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi there!!
I ran the scans you asked me to do and they went fine. It seems that the problem is solved: I still want to check that the laptop is finally healthy again, so if there is something wrong I will contact you again. But, so far so good!!

Do you have any good advice about how to keep the computer in good health? Do I have to do periodic scans? If so, which programs should I use?
And, now I have a lot of programs installed that you asked me to download: can I delete some of them? If so, which ones?

Here are the logfiles of the last scans I did (I haven't been able to get the log file from the chkdisk scan).

Again, thanks a lot for your help!!
Regards,
Gianky.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Christina\Downloads\dream_day_vegas_v2_aol-dm.exe moved successfully.
C:\Users\Christina\Downloads\slow-pcfighter_Web.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christina
->Temp folder emptied: 6202 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 157149972 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6317 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142527 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50090 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 150.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11142012_194213

Files\Folders moved on Reboot...
C:\Users\Christina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache.Trash6256\D\85\17D35d01 not found!
File\Folder C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache.Trash6256\4\4F\14AE2d01 not found!
File\Folder C:\Users\Christina\AppData\Local\Mozilla\Firefox\Profiles\9ript0bt.default\Cache.Trash6256\0\05\B239Dd01 not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


==============================================================================================================================================



OTL logfile created on: 11/14/2012 10:13:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3.75 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 68.04% Memory free
7.49 Gb Paging File | 6.14 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 122.08 Gb Free Space | 55.80% Space Free | Partition Type: NTFS
Drive D: | 700.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTINA-PC | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 10:14:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 15:24:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/03/26 15:10:22 | 000,136,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\UIExec.exe
PRC - [2010/03/26 15:04:02 | 000,251,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\AssistantServices.exe
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/09 00:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 19:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/25 02:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/25 02:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/26 15:10:22 | 000,136,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Broadband\UIExec.exe
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/17 15:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/06 04:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/11/06 19:58:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/27 21:27:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/26 15:04:02 | 000,251,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/27 19:19:14 | 000,310,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/05/27 19:19:07 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/20 19:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/03/17 18:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/17 14:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/08 14:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/21 12:51:08 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/22 10:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/10/29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/10/29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/08/23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z1m5t56l2n673
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...34z1m5t56l2n673
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34z1m5t56l2n673
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ACAW_daDK410
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://homepage.acer...4z1m5t56l2n673"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/23 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/04 21:48:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 21:27:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 21:27:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/01/09 17:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Extensions
[2012/10/24 19:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Firefox\Profiles\9ript0bt.default\extensions
[2012/11/06 19:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/27 21:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/27 21:27:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/01 19:19:26 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/09/01 19:19:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/01 19:19:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2012/11/07 19:36:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Mobile Broadband\UIExec.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90AA18A7-6682-45F4-B2B9-D9B7AE8CA842}: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B848DD1C-CFA9-43B8-9463-9EB4F100773B}: DhcpNameServer = 192.168.1.5 192.168.1.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 20:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/12 19:44:05 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Malwarebytes
[2012/11/12 19:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/12 19:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/12 19:43:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/12 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/12 19:01:20 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\TFC.exe
[2012/11/10 12:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/10 12:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/11/07 19:48:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/07 19:18:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/07 19:18:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/07 19:18:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/07 19:17:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/07 19:17:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/07 19:08:23 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Christina\Desktop\ComboFix.exe
[2012/11/07 18:40:12 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3D294E26-9DAF-454B-8DCC-0F67DDE28760}
[2012/11/06 19:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/06 16:44:41 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{28D8B8E6-5548-48A6-82B2-3B6336F09EA9}
[2012/11/05 18:33:41 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{EF5FDB4B-FD15-4640-9C07-DA780AC33B6A}
[2012/11/04 21:48:10 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{23DA33ED-F863-418E-B9EB-2CBF65564064}
[2012/11/04 21:15:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/04 21:13:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/11/04 21:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/11/04 21:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/11/03 23:11:06 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{A6900561-E790-4455-A2BC-DB6A3C47E677}
[2012/11/03 13:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2012/11/03 10:14:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2012/11/02 15:16:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/11/02 15:03:31 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{0E28BAAF-8253-4DA8-BDAD-2FE70E36FCF9}
[2012/11/01 19:45:57 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{43C19FA5-D615-4A9C-8DF3-AF573A4DB444}
[2012/10/31 14:57:08 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2A6AD43E-4153-47DA-9D3D-48D42468EBAA}
[2012/10/30 16:44:03 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{65217133-D2E1-40C2-A2F9-CA98FA053A8F}
[2012/10/29 14:10:37 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{42871F74-9D97-4AE0-B1D7-700672B4DCF3}
[2012/10/28 08:23:50 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{E78C02FE-444B-4732-B617-B4EC202D9A63}
[2012/10/27 21:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/27 09:19:44 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{2CF8A140-656B-4C38-9D60-99AF39D151B7}
[2012/10/26 13:43:22 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{B506794B-60A6-4141-950E-C064954AD3C0}
[2012/10/25 17:22:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{A99EE24E-D403-417A-BF36-B4DF73636914}
[2012/10/24 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{6DF2D965-9AE4-4230-AD6C-A709A0D9C7C3}
[2012/10/23 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{AEBB5559-8BE3-40DE-A906-E432AE5DC5C6}
[2012/10/22 18:28:31 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{9AA6D6D2-190D-4B67-904C-43F99EE57CD6}
[2012/10/21 08:33:34 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{1EE67204-600A-472D-9BA8-B95AA7E09A8C}
[2012/10/20 08:15:56 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{3AE5AC02-7C7F-45F1-9DC1-244547111549}
[2012/10/19 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{4D4835CC-691C-4D03-B935-F4FB4101C652}
[2012/10/18 07:34:14 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{18B62421-DB32-4007-89D4-4166132243F9}
[2012/10/17 13:54:23 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{861AA21C-E258-42E7-BB60-15AFC581FEAA}
[2012/10/16 16:01:21 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{EC29A477-6EAD-45E0-A489-F9D05EABD9C7}

========== Files - Modified Within 30 Days ==========

[2012/11/14 21:54:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/14 21:52:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 20:14:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/14 20:14:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/14 20:05:14 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/11/14 20:05:13 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/14 20:04:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/14 20:04:53 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/12 19:43:32 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/12 19:34:32 | 414,858,674 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/12 19:01:22 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\TFC.exe
[2012/11/11 19:57:25 | 001,277,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/11 19:57:25 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/11 19:57:25 | 000,474,792 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/11/11 19:57:25 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/11 19:57:25 | 000,082,370 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/11/07 19:36:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/07 19:10:08 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Christina\Desktop\ComboFix.exe
[2012/11/06 19:39:06 | 000,270,848 | ---- | M] (SingularLabs) -- C:\Users\Christina\Desktop\JavaRa.exe
[2012/11/04 21:50:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/04 21:11:19 | 000,000,913 | ---- | M] () -- C:\Users\Christina\Desktop\ERUNT.lnk
[2012/11/03 10:14:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/27 21:41:48 | 000,002,052 | ---- | M] () -- C:\Users\Christina\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/26 20:15:26 | 013,879,740 | ---- | M] () -- C:\Users\Christina\Desktop\ipad2_manuale_utente.pdf

========== Files Created - No Company Name ==========

[2012/11/12 19:43:32 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/07 19:18:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/07 19:18:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/07 19:18:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/07 19:18:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/07 19:18:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/06 19:58:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/04 21:11:19 | 000,000,913 | ---- | C] () -- C:\Users\Christina\Desktop\ERUNT.lnk
[2012/11/02 15:16:28 | 414,858,674 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/26 20:15:25 | 013,879,740 | ---- | C] () -- C:\Users\Christina\Desktop\ipad2_manuale_utente.pdf
[2012/03/27 19:43:35 | 000,000,000 | ---- | C] () -- C:\Users\Christina\temp.dat
[2011/08/04 12:12:40 | 000,007,680 | ---- | C] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 13:21:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/09 17:45:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/25 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\eTeks
[2012/06/30 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\MyVideoDownloader
[2012/06/30 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\MyVideoDownloaderHD
[2011/07/18 16:16:17 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\PlayFirst
[2012/09/22 17:44:14 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Rovio
[2011/06/02 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >





