Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirects & odd ads coming from bottom of window

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Redirects & odd ads coming from bottom of window

Unread postby redheartlove » August 2nd, 2012, 10:17 pm

Good day Malware removal team!

Right off, let me say what a great bunch of volunteer folks you are to help us malware inflicted folk :D

I use(d) IE & now use Firefox, but both are infected.
1st - Redirects
2nd - A small window will crawl up the lower right corner of the screen w/advertisements. I was able to catch some of the websites & block them (this produces an empty window), but I know this is only stopping a symptom & not the big issue.

Thanks again for the help, you're all great!!
Holly Richter
redheartlove

My DDS report:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by christopher at 16:54:22 on 2012-07-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1860 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Holly\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Users\Holly\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... EgtTkZGS0o"&"inst=NzYtOTUzNDk1MDc4LVFJWDErNC1YMjAxMCsyLVNQMSsxLVNQMVRCKzEtU1VQKzQtU1AxUzIrMS1ERFQrNTU4MjMtU1QxMEFQUCsxLUREMTArMS1TVDEyT0kr
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\2375942554635333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\2533E24556E676F694E6475627E65647 : DhcpNameServer = 10.29.95.1
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\27966756273756467656 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\354716E6460225F636B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\47271696C63756E646 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\C696E6B6379737 : DhcpNameServer = 216.165.129.157 134.215.200.126
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... EgtTkZGS0o"&"inst=NzYtOTUzNDk1MDc4LVFJWDErNC1YMjAxMCsyLVNQMSsxLVNQMVRCKzEtU1VQKzQtU1AxUzIrMS1ERFQrNTU4MjMtU1QxMEFQUCsxLUREMTArMS1TVDEyT0kr
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 94.228.209.244 http://www.google-analytics.com.
Hosts: 94.228.209.244 ad-emea.doubleclick.net.
Hosts: 94.228.209.244 http://www.statcounter.com.
Hosts: 178.250.45.15 http://www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\7wnh8ayu.default\
redheartlove
Active Member
 
Posts: 12
Joined: August 2nd, 2012, 9:42 pm
Advertisement
Register to Remove

Re: Redirects & odd ads coming from bottom of window

Unread postby Cypher » August 6th, 2012, 6:22 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


The DDS.txt log you posted is cut off/incomplete, could you post it again please.
Also when you run DDS it should create another log called Attach.txt, post this log also in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirects & odd ads coming from bottom of window

Unread postby redheartlove » August 6th, 2012, 9:24 pm

Good day Cypher!!
Thanks again for the aid! :mrgreen:
Not sure how I broke it off, but here is my DDS again.
I don't know how much you want to know of what I've done...
Of course I used ad-aware & anti-malware, but nothing came up in the scans.
I used Firefox to block the sites that were identified on bottom window bar (brain cloud - forgot whatsit called) and blocked them, but then I just get a blank window with no ad content. Grrr. I feel so violated! I've never had this happen B/4! :pale:
I will check back Tuesday when I get off work to see if you need any other info!
Holly
Need any plant advice? I'm a licensed arborist & a horticulturist :flower:

DDS Report:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by christopher at 19:45:53 on 2012-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2405 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Holly\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Holly\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\2375942554635333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\2533E24556E676F694E6475627E65647 : DhcpNameServer = 10.29.95.1
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\27966756273756467656 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\354716E6460225F636B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\47271696C63756E646 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}\C696E6B6379737 : DhcpNameServer = 216.165.129.157 134.215.200.126
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 94.228.209.244 http://www.google-analytics.com.
Hosts: 94.228.209.244 ad-emea.doubleclick.net.
Hosts: 94.228.209.244 http://www.statcounter.com.
Hosts: 178.250.45.15 http://www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\7wnh8ayu.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\christopher\AppData\Roaming\E-centives\NPcolPM460.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-5-25 47776]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-25 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-8-29 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-20 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-4 654408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-17 1153368]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-20 243232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-5 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152720]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-21 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-4 1436424]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-5 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-16 113120]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-07 00:12:27 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{566035E6-17EE-4F09-AB11-7D77D3C55AC3}\mpengine.dll
2012-08-05 03:08:55 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-14 21:21:12 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70530FFE-3EF1-4EE9-A667-DEE1F93A4E1F}\gapaengine.dll
2012-07-14 21:15:59 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-14 21:15:46 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-13 19:56:45 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E3FB6B4-E9A5-4725-88D5-BE58E6837C84}\mpengine.dll
2012-07-12 20:38:56 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 00:54:20 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 00:54:19 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 00:54:18 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
.
==================== Find3M ====================
.
2012-08-07 00:38:26 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-08-03 02:12:40 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 02:12:40 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-03 01:10:07 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-06-08 00:29:29 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 19:47:07.08 ===============

Here is the 'attach file' - I do read & you said post in my reply. But, ironically, I did try to save it, but I could never find the file??? Very weird & Its not my 1st saved file. :monkey:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2010 12:36:18 PM
System Uptime: 8/6/2012 4:13:56 PM (3 hours ago)
.
Motherboard: Acer | | Aspire 5742
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU | 1190/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 322.012 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2C6C2BDB&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2C6C2BDB&0&01
Service: vwifimp
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 6500 E709n
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP148: 6/28/2012 11:20:27 AM - Windows Live Essentials
RP150: 6/28/2012 11:21:57 AM - Installed DirectX
RP151: 6/28/2012 11:22:56 AM - WLSetup
RP152: 6/29/2012 4:36:04 PM - Windows Update
RP153: 7/4/2012 1:22:58 PM - Windows Update
RP154: 7/10/2012 7:52:59 PM - Windows Update
RP155: 7/12/2012 3:24:38 PM - Windows Update
RP156: 7/15/2012 11:15:52 AM - Removed AVG 2012
RP157: 7/15/2012 11:19:49 AM - Removed AVG 2012
RP158: 7/15/2012 9:49:58 PM - Windows Update
RP159: 7/19/2012 7:22:33 AM - Windows Update
RP160: 7/22/2012 10:14:06 AM - Windows Update
RP161: 7/26/2012 5:00:02 PM - Windows Update
RP162: 7/31/2012 9:45:27 PM - Windows Update
RP163: 8/4/2012 10:08:10 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 94.228.209.244 www.google-analytics.com.
Hosts: 94.228.209.244 ad-emea.doubleclick.net.
Hosts: 94.228.209.244 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.statcounter.com.
.
==== Installed Programs ======================
.
18 Wheels of Steel - American Long Haul
6500_E709_eDocs
6500_E709_Help
6500_E709n
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Agatha Christie - Death on the Nile
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
Autodesk Design Review 2011
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Backup Manager Basic
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Build-a-lot 2
Chuzzle Deluxe
CyberLink PowerDVD 9
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DocMgr
DocProc
Dora's Carnival Adventure
DynaSCAPE Color
DynaSCAPE Design
eSobi v2
FARO LS 1.1.406.58
FATE
Fax
Google Earth
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Product Detection
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Identity Card
Inkscape 0.48.2
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 20
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mihov Image Resizer 1.2 (remove only)
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
NTI Media Maker 9
OpenOffice.org 3.2
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
ProductContext
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shredder
Simple Adblock
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Structure Studios SE3D
swMSM
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
WebReg
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/3/2012 3:30:24 PM, Error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
8/3/2012 3:30:24 PM, Error: Service Control Manager [7023] - The Google Update Service (gupdate) service terminated with the following error: %%-2147467243
.
==== End Of File ===========================


THANKS!!!
redheartlove
Active Member
 
Posts: 12
Joined: August 2nd, 2012, 9:42 pm

Re: Redirects & odd ads coming from bottom of window

Unread postby Cypher » August 7th, 2012, 5:33 am

Hi Holly,
Thanks again for the aid!

You're most welcome.
I don't know how much you want to know of what I've done...
I used ad-aware & anti-malware, but nothing came up in the scans.

That's fine, but as mentioned in my previous post, please do not run any further scans other than the ones i ask you to.

Ok continue with the instructions below please.

  • You are operating your computer with multiple Anti Virus programs running in memory at once:
    Lavasoft Ad-Watch Live! Anti-Virus
    Microsoft Security Essentials
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove Ad-Aware.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Ad-Aware
Java(TM) 6 Update 20 << Remove this also, we will replace it later.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirects & odd ads coming from bottom of window

Unread postby redheartlove » August 7th, 2012, 8:32 pm

Good day Cypher!
I removed both Adaware & the Java thing as you asked.
Here are the logs you asked for:
Thanks Again, for your help :geek:
Take Care,
Holly


OTL logfile created on: 8/7/2012 7:08:04 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Holly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 53.01% Memory free
7.36 Gb Paging File | 5.07 Gb Available in Paging File | 68.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 322.90 Gb Free Space | 71.49% Space Free | Partition Type: NTFS

Computer Name: CHRISTOPHER-PC | User Name: christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/08/07 18:27:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
PRC - [2012/07/22 10:17:39 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Holly\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/16 14:20:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/06/28 17:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/06/22 01:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/22 01:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/06/09 20:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/05/26 21:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/05/21 01:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 01:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 11:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/22 10:17:25 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 06:17:15 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/15 06:16:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 06:36:32 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/20 08:52:21 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6ec4dc5649a0969dd383d88a2f0e3faa\IAStorUtil.ni.dll
MOD - [2012/05/20 07:35:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/20 07:35:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/20 07:34:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/20 07:34:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/20 07:34:49 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/20 07:34:07 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/28 17:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/06/09 20:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010/05/04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/02/04 17:38:39 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/06/11 16:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 14:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/02 21:12:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/22 10:17:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/16 14:20:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/20 03:51:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/05/25 19:46:44 | 000,047,776 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/08 22:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/17 04:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/25 17:26:02 | 000,264,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/05/20 15:42:30 | 000,294,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/05/20 15:42:30 | 000,202,792 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/05/20 15:42:30 | 000,156,392 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/05/20 15:42:30 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/05/20 15:42:30 | 000,052,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/05/20 15:42:30 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/05/20 15:42:30 | 000,032,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/05/15 07:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/05/11 05:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/19 21:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/13 05:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/02/26 18:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 08:38:32 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/02 14:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5v47k21569
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS408
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\christopher\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/18 16:00:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/23 13:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/22 10:17:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/18 16:00:24 | 000,000,000 | ---D | M]

[2012/06/16 14:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christopher\AppData\Roaming\Mozilla\Extensions
[2012/06/19 09:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christopher\AppData\Roaming\Mozilla\Firefox\Profiles\7wnh8ayu.default\extensions
[2012/06/16 14:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/22 10:17:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/25 15:52:01 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.228.209.244 www.google-analytics.com.
O1 - Hosts: 94.228.209.244 ad-emea.doubleclick.net.
O1 - Hosts: 94.228.209.244 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B362A36A-B0A4-45C2-84CF-897B66D3E6A7}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/04 17:13:20 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 16:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/14 16:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

========== Files - Modified Within 30 Days ==========

[2012/08/07 19:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/07 19:06:41 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 19:06:37 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/08/07 19:06:37 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/08/07 19:06:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 16:10:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 16:42:16 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/08/05 16:42:16 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/08/03 16:49:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 16:49:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 20:10:07 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/08/02 20:09:42 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 16:16:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/14 16:16:06 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/14 16:16:06 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/14 16:16:06 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/14 10:05:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/13 16:57:11 | 000,000,126 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/12 16:10:30 | 000,505,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 20:55:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\HP_192.168.0.106_MY9984Y11Z05G2

========== Files Created - No Company Name ==========

[2012/08/02 20:13:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 16:16:16 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/13 16:57:11 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/10 20:55:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\HP_192.168.0.106_MY9984Y11Z05G2
[2012/03/16 11:55:06 | 000,000,218 | ---- | C] () -- C:\Users\christopher\.recently-used.xbel
[2012/02/12 13:00:43 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/12 13:00:43 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/08 18:51:14 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/18 15:57:16 | 000,228,983 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/03/18 15:57:16 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011/01/31 12:41:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\securegg.dll
[2011/01/31 12:41:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2010/08/29 06:51:54 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/29 06:51:54 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2010/08/29 06:51:54 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/08/29 06:51:54 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== LOP Check ==========

[2011/02/04 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\Autodesk
[2012/04/07 20:48:03 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\Dropbox
[2011/08/05 16:31:36 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\E-centives
[2012/03/16 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\inkscape
[2010/12/17 17:31:48 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\OpenOffice.org
[2012/01/26 18:57:02 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\Structure Studios
[2010/12/05 15:55:09 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\WildTangent
[2012/01/06 17:25:41 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\Windows Live Writer
[2009/07/14 00:08:49 | 000,029,132 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >





OTL Extras logfile created on: 8/7/2012 7:08:04 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Holly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 53.01% Memory free
7.36 Gb Paging File | 5.07 Gb Available in Paging File | 68.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 322.90 Gb Free Space | 71.49% Space Free | Partition Type: NTFS

Computer Name: CHRISTOPHER-PC | User Name: christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0739EEA0-2669-4DDF-8198-AAF446607A13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{09281CA3-1118-4045-B01B-A3AA8EA16420}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B5FC503-3F27-4B38-808F-07403A14DA1B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{10DAE22B-3562-4062-9034-02F8356B9463}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{126302B8-6254-4812-A93A-EC0EA6FDE1CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1601722F-1B1E-4FDF-862C-7C51BB506780}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1AA86BBF-09AD-4EE8-832A-8957D5571DB0}" = lport=445 | protocol=6 | dir=in | app=system |
"{1B6E1B9E-E4CE-48FE-A987-80120A2F3601}" = rport=137 | protocol=17 | dir=out | app=system |
"{2FAC33F7-8D59-45C2-B6D8-EDE19D59FDF5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3079DD77-D736-4521-8436-B6FEE6D5E95E}" = lport=138 | protocol=17 | dir=in | app=system |
"{346802D8-AA28-4F3C-955E-16523B01EEC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A983CB3-0D56-478C-92CB-A7CD675CD226}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B7BCCD3-71A3-467F-8C4B-73CA90A59EE4}" = rport=138 | protocol=17 | dir=out | app=system |
"{7B11D6F7-A053-4612-8D20-2439E0108BE1}" = lport=61136 | protocol=6 | dir=in | name=akamai netsession interface |
"{7B2C4BE8-B3DD-409C-B76B-72972FD32DC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7D1AC21B-1A42-452B-AEA6-DC0499230EDB}" = rport=445 | protocol=6 | dir=out | app=system |
"{88EE0DF2-EC44-4A05-BB79-88EF3ADB31CD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C4230EB-067A-459A-B351-BBFA0CF2C222}" = lport=139 | protocol=6 | dir=in | app=system |
"{8FEBD737-39E7-4B26-8C54-AD33A10241DF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90A2360D-6171-4E92-909A-A25E70249C08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9227938C-85EC-42DA-B557-B5221EBD568B}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B674EB2-987E-49B7-AEDE-EDD1FE89C49A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB18B1FB-6BA5-42AF-B3BC-6CC60336F7B1}" = rport=139 | protocol=6 | dir=out | app=system |
"{BE1247B1-ADBA-4CA6-A8D4-8F3D534AD310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C425AF94-D3FC-46B0-AF1E-753F0A50F9F4}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{CA538AA7-8B52-48F0-9A21-1A0E8E7F63A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7EF836E-88D8-4E2D-BC42-62A4D4671DF9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EA1782B1-298A-44FE-9BAB-7C46F0FE53F4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{EA43DF23-7C05-41E6-BE69-D5BC65BE1751}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F1A60EF5-3BA8-4C98-B324-6B779C28E72F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1EDC514-6E3B-4F9D-A92A-3958F36F8798}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025CFEC5-61F4-4280-83BE-3BBB21557CB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{038A4BED-43C7-4208-99EA-4980779903D5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{0E8515B8-2BB3-4513-9AC8-8FB048365D35}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{0F9789B4-80CD-4A70-87F1-6B42DDAB5DB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10A98D23-66D0-4AE2-84B3-0EDE14F05F0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10BBD163-67D8-4F5C-A813-2BDBF2AE9C15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{117A112C-FDA2-4410-9E42-7E7F6CB3DCA9}" = protocol=6 | dir=in | app=c:\users\holly\appdata\local\akamai\netsession_win.exe |
"{11B8FA25-F323-4F37-B4C0-550F7D6ECE3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{13F39905-E0FE-42A0-9926-B83804593B8E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{146DCC31-DE2E-47DF-A834-0F4DCC3B7868}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{1470C3A0-6CF9-482C-92AA-2683ABF49E48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{154EF5D9-5487-4271-A1FA-C590D0181C63}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{176ECE80-2481-46DB-B7A4-827F083A9BB6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C881212-3073-4BED-B4FB-B7450399873D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{26B5D2B7-B439-4EE7-B4B2-5995733712B3}" = protocol=17 | dir=in | app=c:\users\holly\appdata\local\akamai\netsession_win.exe |
"{29E356FC-7F94-41EE-AD8A-56CD3FC2839F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{29EBC227-BE7E-4E60-8BCD-B75F6C5DC76C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2DC28802-5116-41BC-B5FD-BCCC877765B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{368FAFD2-B52B-4807-959E-C287E790D8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{38959164-AC4D-413B-B678-29D0AA2CCAFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38FA61DE-31F6-4A4D-8DD6-58D68679BF55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39A1B3BE-5FF2-4DF0-B7A5-A60CDC5C0263}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{40EB89C2-B428-4804-934E-DA7FB7722557}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{410716AC-B035-4A06-A913-C2C774F3649E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{44A369F2-A75D-44A4-946C-18BE255CA3E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{4545954C-0E22-4711-BC76-7848523DF343}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{49E9052D-9811-4961-9EBA-A08B4D5DDC5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{4A28DC6A-215B-4F16-8334-7CE9C4883832}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C5EB809-4BAE-4B0B-ABDF-0264FAA078A4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{50256BED-0821-4C63-9F47-1E37F823DEA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{50822D10-B427-4D20-BE56-87A5057EC12E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5087144A-95FD-40FB-B571-2938EDD2E971}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{54E4D5E9-D495-4846-9847-B910D62F53D6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{56786659-C76D-4B14-912D-8C3E50371604}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{5F9D86FF-25AF-4EBF-B67F-827DDB3DEFE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{6D3EE363-2FA9-48D4-9FF9-A335C9B49244}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{731DE7F7-97E6-42E7-A532-585A829A75B9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7453F8A3-FDC9-4AFE-88E7-2BB884E4609A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{776C3E28-2D38-4958-8557-BBE805ACD5EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{787DEA34-A472-4A86-85F9-8D5C8BF62E18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7D318FE1-0FC0-405E-89A7-EB652CB3F996}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{859A6701-FE10-4BEB-8411-0FADE87113AD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{86847836-0837-4C6A-84F3-747559C3028E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{89641CA7-7D25-4122-A4D1-ED6E2E635299}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{8A553301-E864-4B98-9FE0-B8EE9F986460}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8E399F53-0820-417F-9514-751944090314}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{933CB3BB-6B0A-4018-A3A9-4A3A746130FF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A3A648C3-39AC-49AF-9064-2FDCF2B3D8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{A7991BEB-9D04-47A2-891F-5993B9741627}" = protocol=6 | dir=in | app=c:\users\holly\appdata\roaming\dropbox\bin\dropbox.exe |
"{A8929F42-97F4-4EEB-A7A6-A711E62B756C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA280EFC-9D47-44C9-B223-77A5FD66B0A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AF64B9F8-17EA-4E7F-ABAE-C72263D0B868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4673536-7CA4-4941-BC7B-D65A88BE962C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCD80B32-2EF3-4C1C-8136-191618E7CA16}" = protocol=6 | dir=out | app=system |
"{BFB90E75-AACC-4F7B-A72B-546C237BB54C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C0C07036-BF23-4AF2-9AC6-00B56927C5C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C611EF4D-D299-41D9-9909-2047B4F2853D}" = protocol=17 | dir=in | app=c:\users\holly\appdata\roaming\dropbox\bin\dropbox.exe |
"{C74AE77F-A8AF-4D20-9637-966BDCA3CCAD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{CF231DB3-0A03-4D0D-B91D-545EBA767C3E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFED84A1-991C-468A-A713-A9406AD6BB9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{E8F5F487-E90E-430E-93A7-B671BF8D26C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F34D6B1F-1C1B-4D39-8FCD-8FEC53DCB3A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{FD74C321-0736-452C-9B07-3A3C31492231}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FF14E75F-EBF2-49AB-9E19-0C24B657DA86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"TCP Query User{D0FDBABE-9363-4D2E-8332-87517DCD8F71}C:\users\holly\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\holly\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F928DAEE-D599-4C40-8702-494554F74EC3}C:\users\holly\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\holly\appdata\local\akamai\netsession_win.exe |
"UDP Query User{30B782BC-E341-4F70-8E10-7884FE60AFDF}C:\users\holly\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\holly\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DABE04FB-A278-41E5-8809-B5D536FCDCE4}C:\users\holly\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\holly\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9004-0409-0102-0060B0CE6BBA}" = AutoCAD Architecture 2011 - English
"{5783F2D7-9004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2011 Language Pack - English
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AutoCAD Architecture 2011 - English" = AutoCAD Architecture 2011 - English
"AutoCAD Architecture 2011 - English Version 2.1" = AutoCAD Architecture 2011 - English Version 2.1
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{141988D0-7336-43A4-8817-9BD27D3E6301}" = DynaSCAPE Design
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59308225-510C-4492-A7E4-71625FAD545E}" = Simple Adblock
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78198007-5E2F-4DD8-AD9D-35B75617E7C2}" = Structure Studios SE3D
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9099AE3B-4C63-432A-B606-BCC9B8138FA0}" = DynaSCAPE Color
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Identity Card" = Identity Card
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mihov Image Resizer" = Mihov Image Resizer 1.2 (remove only)
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT088295" = Agatha Christie - Death on the Nile
"WT088300" = Bejeweled 2 Deluxe
"WT088310" = Build-a-lot 2
"WT088312" = Chuzzle Deluxe
"WT088318" = Diner Dash 2 Restaurant Rescue
"WT088350" = Jewel Quest Solitaire 2
"WT088364" = Plants vs. Zombies
"WT088373" = Blackhawk Striker 2
"WT088393" = Dora's Carnival Adventure
"WT088413" = FATE
"WT088445" = John Deere Drive Green
"WT088449" = Penguins!
"WT088453" = Polar Bowler
"WT088457" = Polar Golfer
"WT088517" = Zuma's Revenge
"WT088553" = Virtual Villagers 4 - The Tree of Life
"WT088649" = 18 Wheels of Steel - American Long Haul
"WT088653" = Jewel Quest - Heritage

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2012 3:11:21 PM | Computer Name = christopher-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Internet Explorer' could not be shut down.

Error - 6/17/2012 12:26:09 PM | Computer Name = christopher-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/17/2012 7:20:16 PM | Computer Name = christopher-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 140.0.213.0, time
stamp: 0x4bffab62 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting process
id: 0x494 Faulting application start time: 0x01cd4ae7b938c4df Faulting application
path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: fef6e6ac-b8d2-11e1-b454-88ae1d87b90a

Error - 6/18/2012 10:02:55 PM | Computer Name = christopher-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: hpslpsvc64.dll, version: 140.0.331.0,
time stamp: 0x4cc1eedf Exception code: 0xc0000005 Fault offset: 0x0000000000059828
Faulting
process id: 0xbc8 Faulting application start time: 0x01cd4a2611d7b512 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\program files (x86)\hp\digital
imaging\bin\hpslpsvc64.dll Report Id: e1d4133c-b9b2-11e1-b454-88ae1d87b90a

Error - 6/20/2012 6:06:09 PM | Computer Name = christopher-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/25/2012 7:37:27 PM | Computer Name = christopher-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/27/2012 8:08:39 PM | Computer Name = christopher-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/28/2012 12:21:29 PM | Computer Name = christopher-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

Error - 6/28/2012 12:21:52 PM | Computer Name = christopher-PC | Source = System Restore | ID = 8193
Description =

Error - 7/1/2012 1:52:33 PM | Computer Name = christopher-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ Media Center Events ]
Error - 9/3/2011 9:20:31 AM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 8:20:31 AM - Error connecting to the internet. 8:20:31 AM - Unable
to contact server..

Error - 9/3/2011 9:20:36 AM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 8:20:36 AM - Error connecting to the internet. 8:20:36 AM - Unable
to contact server..

Error - 9/3/2011 10:20:41 AM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 9:20:41 AM - Error connecting to the internet. 9:20:41 AM - Unable
to contact server..

Error - 9/3/2011 10:20:46 AM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 9:20:46 AM - Error connecting to the internet. 9:20:46 AM - Unable
to contact server..

Error - 9/3/2011 12:10:19 PM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 11:10:19 AM - Error connecting to the internet. 11:10:19 AM - Unable
to contact server..

Error - 9/3/2011 12:10:37 PM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 11:10:24 AM - Error connecting to the internet. 11:10:24 AM - Unable
to contact server..

Error - 9/3/2011 3:16:56 PM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 2:16:56 PM - Error connecting to the internet. 2:16:56 PM - Unable
to contact server..

Error - 9/3/2011 3:17:06 PM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 2:17:01 PM - Error connecting to the internet. 2:17:01 PM - Unable
to contact server..

Error - 9/5/2011 9:51:40 AM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 8:51:40 AM - Error connecting to the internet. 8:51:40 AM - Unable
to contact server..

Error - 9/5/2011 9:51:58 AM | Computer Name = christopher-PC | Source = MCUpdate | ID = 0
Description = 8:51:45 AM - Error connecting to the internet. 8:51:45 AM - Unable
to contact server..

[ System Events ]
Error - 4/30/2012 7:46:35 PM | Computer Name = christopher-PC | Source = DCOM | ID = 10016
Description =

Error - 4/30/2012 7:56:16 PM | Computer Name = christopher-PC | Source = DCOM | ID = 10016
Description =

Error - 4/30/2012 7:56:16 PM | Computer Name = christopher-PC | Source = DCOM | ID = 10016
Description =

Error - 4/30/2012 8:46:56 PM | Computer Name = christopher-PC | Source = DCOM | ID = 10016
Description =

Error - 4/30/2012 8:46:56 PM | Computer Name = christopher-PC | Source = DCOM | ID = 10016
Description =

Error - 5/1/2012 6:14:20 PM | Computer Name = christopher-PC | Source = DCOM | ID = 10010
Description =

Error - 5/1/2012 7:57:38 PM | Computer Name = christopher-PC | Source = DCOM | ID = 10016
Description =

Error - 5/1/2012 7:57:38 PM | Computer Name = christopher-PC | Source = DCOM | ID = 10016
Description =

Error - 5/7/2012 8:17:37 PM | Computer Name = christopher-PC | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/19/2012 10:14:04 PM | Computer Name = christopher-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.


< End of report >
redheartlove
Active Member
 
Posts: 12
Joined: August 2nd, 2012, 9:42 pm

Re: Redirects & odd ads coming from bottom of window

Unread postby Cypher » August 8th, 2012, 5:53 am

Hi Holly,
Continue with the instructions below, once done give me an update on how your computer is performing please.

Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix
  • Right - click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.


Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • aswMBR.txt.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirects & odd ads coming from bottom of window

Unread postby redheartlove » August 9th, 2012, 10:40 pm

Good day Cypher!
I ran the OTL Report, but, just FYI, it didn't give me the files like the previous reports. I clicked right clicked / run admin & the report popped up :o
Same thing with the other one also.
Either way, they are both posted for your reading pleasure :cyclopsani:
I had to do some surfing b/4 I got to you & the redirects & ads were in full force. Hopefully it was their swan song!
I will let you know how's it going shortly.

Thanks again!
Holly



All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Holly\Desktop\cmd.bat deleted successfully.
C:\Users\Holly\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: christopher
->Temp folder emptied: 64061572 bytes
->Temporary Internet Files folder emptied: 106619013 bytes
->Java cache emptied: 334768 bytes
->FireFox cache emptied: 187019573 bytes
->Flash cache emptied: 4823 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1527536 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Holly
->Temp folder emptied: 4030549 bytes
->Temporary Internet Files folder emptied: 53193286 bytes
->Java cache emptied: 6336943 bytes
->FireFox cache emptied: 632078856 bytes
->Flash cache emptied: 60086 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183328482 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 867 bytes

Total Files Cleaned = 1,181.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08092012_203215

Files\Folders moved on Reboot...
File\Folder C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QE3YWYZI\2%3Bkvmar%3D2%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkr604%3D8128%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=48919172[1] not found!
File\Folder C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\E8HLHULN\.js,estara.js,image.js,listings.js,browselinks.js,feedback.js,pagination_sort.js,featuredadsflex.js,dealershowcase.js,locatorleads.js,url.js,numbers.js,refine_search[1].js not found!
File\Folder C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8A5M8NQR\1%3Bkvhme%3D2%3Bkvmar%3D2%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D26988%3Bnodecode%3Dyes%3Blink%3D;ord=48801475[1] not found!
File\Folder C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8A5M8NQR\2%3Bkvmar%3D2%3Bkr701%3D261%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D1657%3Bnodecode%3Dyes%3Blink%3D;ord=48885148[1] not found!
File\Folder C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XLRCUZ6\kvmar%3D2%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkr604%3D8128%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D105917%3Bnodecode%3Dyes%3Blink%3D;ord=48066634[1] not found!
File\Folder C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XLRCUZ6\kvmar%3D2%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkr604%3D8128%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D105917%3Bnodecode%3Dyes%3Blink%3D;ord=48515126[1] not found!
C:\Users\christopher\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Holly\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QE3YWYZI\2%3Bkvmar%3D2%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkr604%3D8128%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=48919172[1] not found!
File C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\E8HLHULN\.js,estara.js,image.js,listings.js,browselinks.js,feedback.js,pagination_sort.js,featuredadsflex.js,dealershowcase.js,locatorleads.js,url.js,numbers.js,refine_search[1].js not found!
File C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8A5M8NQR\1%3Bkvhme%3D2%3Bkvmar%3D2%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D26988%3Bnodecode%3Dyes%3Blink%3D;ord=48801475[1] not found!
File C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8A5M8NQR\2%3Bkvmar%3D2%3Bkr701%3D261%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D1657%3Bnodecode%3Dyes%3Blink%3D;ord=48885148[1] not found!
File C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XLRCUZ6\kvmar%3D2%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkr604%3D8128%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D105917%3Bnodecode%3Dyes%3Blink%3D;ord=48066634[1] not found!
File C:\Users\christopher\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XLRCUZ6\kvmar%3D2%3Bkvinc%3D5%3Bkvocc%3Docc13%3Bkr604%3D8128%3Bkvr%3D38%3A51%3A58%3A185%3A360%3Bkvhasrc%3D1%3Bkvagsrc%3D1%3Bkp%3D105917%3Bnodecode%3Dyes%3Blink%3D;ord=48515126[1] not found!
File C:\Users\christopher\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2010/12/05 18:37:36 | 000,000,000 | ---- | M] () C:\Users\Holly\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
[2012/08/09 21:13:57 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5

Registry entries deleted on Reboot...

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-09 21:31:07
-----------------------------
21:31:07.190 OS Version: Windows x64 6.1.7601 Service Pack 1
21:31:07.190 Number of processors: 4 586 0x2505
21:31:07.190 ComputerName: CHRISTOPHER-PC UserName: christopher
21:31:08.562 Initialize success
21:31:19.404 AVAST engine defs: 12080901
redheartlove
Active Member
 
Posts: 12
Joined: August 2nd, 2012, 9:42 pm

Re: Redirects & odd ads coming from bottom of window

Unread postby Cypher » August 10th, 2012, 4:48 am

Hi,
The aswMBR.txt you posted is incomplete, could you post it again please.
Thank you.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirects & odd ads coming from bottom of window

Unread postby redheartlove » August 10th, 2012, 6:39 pm

Good day Cypher!
I completely apologize about the incomplete posts. :oops:
I didn't have a lot of time to surf, but the small amount I did, nothing cropped up.
I will report on Sunday.

Thanks & enjoy the weekend! :flower:
Holly

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-09 21:31:07
-----------------------------
21:31:07.190 OS Version: Windows x64 6.1.7601 Service Pack 1
21:31:07.190 Number of processors: 4 586 0x2505
21:31:07.190 ComputerName: CHRISTOPHER-PC UserName: christopher
21:31:08.562 Initialize success
21:31:19.404 AVAST engine defs: 12080901
21:31:44.754 The log file has been saved successfully to "\\HOLLY\HollyShared\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-10 16:46:10
-----------------------------
16:46:10.219 OS Version: Windows x64 6.1.7601 Service Pack 1
16:46:10.219 Number of processors: 4 586 0x2505
16:46:10.219 ComputerName: CHRISTOPHER-PC UserName: christopher
16:46:11.451 Initialize success
16:46:25.413 AVAST engine defs: 12080901
16:46:29.891 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:46:29.906 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:46:29.922 Disk 0 MBR read successfully
16:46:29.922 Disk 0 MBR scan
16:46:30.062 Disk 0 Windows 7 default MBR code
16:46:30.078 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
16:46:30.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
16:46:30.156 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462502 MB offset 29566976
16:46:30.203 Disk 0 scanning C:\Windows\system32\drivers
16:46:50.171 Service scanning
16:47:43.101 Modules scanning
16:47:43.101 Disk 0 trace - called modules:
16:47:43.148 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:47:43.164 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007002060]
16:47:43.164 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fa8050]
16:47:44.677 AVAST engine scan C:\Windows
16:47:49.513 AVAST engine scan C:\Windows\system32
16:55:24.254 AVAST engine scan C:\Windows\system32\drivers
16:55:51.819 AVAST engine scan C:\Users\christopher
17:05:08.116 AVAST engine scan C:\ProgramData
17:10:41.348 Scan finished successfully
17:28:37.860 Disk 0 MBR has been saved successfully to "\\HOLLY\HollyShared\MBR.dat"
17:28:37.922 The log file has been saved successfully to "\\HOLLY\HollyShared\aswMBR.txt"
redheartlove
Active Member
 
Posts: 12
Joined: August 2nd, 2012, 9:42 pm

Re: Redirects & odd ads coming from bottom of window

Unread postby Cypher » August 11th, 2012, 5:03 am

Hi,
I completely apologize about the incomplete posts

No problem these things happen :)
I didn't have a lot of time to surf, but the small amount I did, nothing cropped up.

Use your computer for a day or so, then let me know if you get any redirected searches, or any pop-up adds.
In the meantime i need you to run another scan for me.

First download and install Java 7 Update 5 from Here

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirects & odd ads coming from bottom of window

Unread postby Cypher » August 13th, 2012, 7:03 am

Hi Holly,
Are you still with me?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirects & odd ads coming from bottom of window

Unread postby redheartlove » August 13th, 2012, 9:41 pm

Good day Cypher!
I apologize for the delay, last weekend was my husbands birthday/pig roast & time escaped me.
I ran the 3 1/2 hour scan & it came up with 1 threat. But, here is the scan log that you asked me for.
We haven't done much surfing, I did get a couple of attempted redirects (firefox blocked), but no advertising from bottom of screen.
It has definitely improved!

Thanks again!
Take care!
Holly :alien:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=18cf1fc78903174a9e9a4e17825ba277
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-14 01:17:47
# local_time=2012-08-13 08:17:47 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2598636 96437891 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=268885
# found=1
# cleaned=0
# scan_time=12625
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe a variant of Win32/CompuTrace.B application (unable to clean) 00000000000000000000000000000000 I
redheartlove
Active Member
 
Posts: 12
Joined: August 2nd, 2012, 9:42 pm

Re: Redirects & odd ads coming from bottom of window

Unread postby Cypher » August 14th, 2012, 5:42 am

Hi Holly,
I apologize for the delay, last weekend was my husbands birthday/pig roast & time escaped me.

No problem :)
We haven't done much surfing, I did get a couple of attempted redirects (firefox blocked), but no advertising from bottom of screen.

Can you explain what you mean by "attempted redirects", what message does FireFox give you when this happens?

Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select " Run as administrator " to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirects & odd ads coming from bottom of window

Unread postby redheartlove » August 14th, 2012, 7:58 pm

Good day Cypher!
I have the setting in FF that states: "Prevent pages from redirecting" checked, so whatever is causing my 'puter to redirect, gets sorta stopped & FF gives me the warning at the top that says "FF has prevented this page from redirecting. To allow <hit the x>"
The scan didn't find any threats.
Here is the report from the scan.
Enjoy your day!!!

Holly :flower:


18:32:59.0875 6796 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
18:33:00.0252 6796 ============================================================
18:33:00.0252 6796 Current date / time: 2012/08/14 18:33:00.0252
18:33:00.0252 6796 SystemInfo:
18:33:00.0252 6796
18:33:00.0252 6796 OS Version: 6.1.7601 ServicePack: 1.0
18:33:00.0252 6796 Product type: Workstation
18:33:00.0252 6796 ComputerName: CHRISTOPHER-PC
18:33:00.0253 6796 UserName: christopher
18:33:00.0253 6796 Windows directory: C:\Windows
18:33:00.0253 6796 System windows directory: C:\Windows
18:33:00.0253 6796 Running under WOW64
18:33:00.0253 6796 Processor architecture: Intel x64
18:33:00.0253 6796 Number of processors: 4
18:33:00.0253 6796 Page size: 0x1000
18:33:00.0253 6796 Boot type: Normal boot
18:33:00.0253 6796 ============================================================
18:33:01.0902 6796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:01.0964 6796 ============================================================
18:33:01.0964 6796 \Device\Harddisk0\DR0:
18:33:01.0964 6796 MBR partitions:
18:33:01.0964 6796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
18:33:01.0964 6796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753000
18:33:01.0965 6796 ============================================================
18:33:02.0053 6796 C: <-> \Device\Harddisk0\DR0\Partition2
18:33:02.0054 6796 ============================================================
18:33:02.0054 6796 Initialize success
18:33:02.0054 6796 ============================================================
18:33:09.0390 4064 ============================================================
18:33:09.0390 4064 Scan started
18:33:09.0390 4064 Mode: Manual;
18:33:09.0390 4064 ============================================================
18:33:09.0829 4064 ================ Scan services =============================
18:33:11.0548 4064 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:33:11.0552 4064 1394ohci - ok
18:33:11.0692 4064 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:33:11.0698 4064 ACPI - ok
18:33:11.0773 4064 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:33:11.0775 4064 AcpiPmi - ok
18:33:12.0196 4064 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:33:12.0198 4064 AdobeARMservice - ok
18:33:14.0118 4064 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:33:14.0121 4064 AdobeFlashPlayerUpdateSvc - ok
18:33:14.0403 4064 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:33:14.0434 4064 adp94xx - ok
18:33:14.0666 4064 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:33:14.0672 4064 adpahci - ok
18:33:14.0791 4064 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:33:14.0795 4064 adpu320 - ok
18:33:14.0888 4064 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:33:14.0890 4064 AeLookupSvc - ok
18:33:15.0193 4064 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:33:15.0201 4064 AFD - ok
18:33:15.0303 4064 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:33:15.0305 4064 agp440 - ok
18:33:15.0414 4064 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
18:33:15.0416 4064 ALG - ok
18:33:15.0578 4064 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:33:15.0580 4064 aliide - ok
18:33:15.0720 4064 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
18:33:15.0722 4064 amdide - ok
18:33:15.0842 4064 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:33:15.0844 4064 AmdK8 - ok
18:33:15.0876 4064 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:33:15.0878 4064 AmdPPM - ok
18:33:16.0006 4064 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:33:16.0009 4064 amdsata - ok
18:33:16.0150 4064 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:33:16.0154 4064 amdsbs - ok
18:33:16.0262 4064 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:33:16.0263 4064 amdxata - ok
18:33:16.0488 4064 [ 4de0d5d747a73797c95a97dcce5018b5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
18:33:16.0490 4064 androidusb - ok
18:33:16.0706 4064 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
18:33:16.0708 4064 AppID - ok
18:33:16.0815 4064 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:33:16.0817 4064 AppIDSvc - ok
18:33:17.0028 4064 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:33:17.0030 4064 Appinfo - ok
18:33:17.0144 4064 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
18:33:17.0146 4064 arc - ok
18:33:17.0213 4064 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:33:17.0215 4064 arcsas - ok
18:33:17.0328 4064 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:17.0329 4064 AsyncMac - ok
18:33:17.0442 4064 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
18:33:17.0443 4064 atapi - ok
18:33:17.0579 4064 [ 1c60a629ad4ffd06d80cd522b92cdb7c ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
18:33:17.0580 4064 AthBTPort - ok
18:33:17.0733 4064 [ 4ecc791539f23982411864037d1ac8fc ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys
18:33:17.0734 4064 ATHDFU - ok
18:33:18.0013 4064 [ a31f72621c938048cba02e82542f0715 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
18:33:18.0015 4064 AtherosSvc - ok
18:33:18.0790 4064 [ e642491f64e58cd5bc8fb8b347dcf65f ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:33:18.0853 4064 athr - ok
18:33:19.0179 4064 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:33:19.0192 4064 AudioEndpointBuilder - ok
18:33:19.0228 4064 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:33:19.0235 4064 AudioSrv - ok
18:33:19.0503 4064 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:33:19.0506 4064 AxInstSV - ok
18:33:19.0790 4064 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:33:19.0797 4064 b06bdrv - ok
18:33:19.0937 4064 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:33:19.0942 4064 b57nd60a - ok
18:33:20.0159 4064 [ 825f81a6f7dd073509db101f0ba6dc59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:33:20.0163 4064 BBSvc - ok
18:33:20.0343 4064 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:33:20.0345 4064 BDESVC - ok
18:33:20.0511 4064 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:33:20.0513 4064 Beep - ok
18:33:20.0856 4064 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
18:33:20.0869 4064 BFE - ok
18:33:21.0135 4064 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll
18:33:21.0152 4064 BITS - ok
18:33:21.0218 4064 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:33:21.0220 4064 blbdrive - ok
18:33:21.0347 4064 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:33:21.0349 4064 bowser - ok
18:33:21.0407 4064 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:33:21.0409 4064 BrFiltLo - ok
18:33:21.0462 4064 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:33:21.0464 4064 BrFiltUp - ok
18:33:21.0558 4064 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
18:33:21.0561 4064 Browser - ok
18:33:21.0718 4064 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:33:21.0752 4064 Brserid - ok
18:33:21.0795 4064 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:21.0797 4064 BrSerWdm - ok
18:33:21.0876 4064 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:21.0877 4064 BrUsbMdm - ok
18:33:21.0934 4064 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:21.0936 4064 BrUsbSer - ok
18:33:22.0057 4064 [ 89f5586e80b42ca4e98b3efdafcad1b8 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
18:33:22.0062 4064 BTATH_A2DP - ok
18:33:22.0126 4064 [ bc14a513c0120919a019e18061faca46 ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
18:33:22.0128 4064 BTATH_BUS - ok
18:33:22.0208 4064 [ 76e867c34242d16e3418aa9a9430d96a ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
18:33:22.0211 4064 BTATH_HCRP - ok
18:33:22.0288 4064 [ 6409827297daf3699643e9f6ec5c2cd2 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
18:33:22.0289 4064 BTATH_LWFLT - ok
18:33:22.0456 4064 [ 2b53167c52a1730a59edfd3c83deff70 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
18:33:22.0460 4064 BTATH_RCP - ok
18:33:22.0635 4064 [ 9b014e62bd3541812a0b2a46459b31d7 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
18:33:22.0639 4064 BtFilter - ok
18:33:22.0836 4064 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:33:22.0838 4064 BthEnum - ok
18:33:22.0898 4064 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:33:22.0900 4064 BTHMODEM - ok
18:33:22.0985 4064 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:33:22.0988 4064 BthPan - ok
18:33:23.0193 4064 [ 64c198198501f7560ee41d8d1efa7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:33:23.0201 4064 BTHPORT - ok
18:33:23.0358 4064 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
18:33:23.0364 4064 bthserv - ok
18:33:23.0409 4064 [ f188b7394d81010767b6df3178519a37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:33:23.0412 4064 BTHUSB - ok
18:33:23.0469 4064 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:33:23.0471 4064 cdfs - ok
18:33:23.0606 4064 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:33:23.0609 4064 cdrom - ok
18:33:23.0761 4064 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
18:33:23.0763 4064 CertPropSvc - ok
18:33:23.0862 4064 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:33:23.0863 4064 circlass - ok
18:33:23.0996 4064 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
18:33:24.0029 4064 CLFS - ok
18:33:24.0287 4064 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:24.0290 4064 clr_optimization_v2.0.50727_32 - ok
18:33:25.0027 4064 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:33:25.0030 4064 clr_optimization_v2.0.50727_64 - ok
18:33:26.0185 4064 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:33:26.0188 4064 clr_optimization_v4.0.30319_32 - ok
18:33:26.0768 4064 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:33:26.0772 4064 clr_optimization_v4.0.30319_64 - ok
18:33:26.0859 4064 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:33:26.0861 4064 CmBatt - ok
18:33:26.0973 4064 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:33:26.0975 4064 cmdide - ok
18:33:27.0144 4064 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
18:33:27.0154 4064 CNG - ok
18:33:27.0243 4064 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:33:27.0245 4064 Compbatt - ok
18:33:27.0342 4064 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:33:27.0344 4064 CompositeBus - ok
18:33:27.0369 4064 COMSysApp - ok
18:33:27.0445 4064 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:33:27.0446 4064 crcdisk - ok
18:33:27.0555 4064 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:33:27.0560 4064 CryptSvc - ok
18:33:27.0706 4064 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:33:27.0716 4064 DcomLaunch - ok
18:33:27.0777 4064 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
18:33:27.0783 4064 defragsvc - ok
18:33:27.0897 4064 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:33:27.0900 4064 DfsC - ok
18:33:28.0081 4064 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
18:33:28.0087 4064 Dhcp - ok
18:33:28.0190 4064 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
18:33:28.0191 4064 discache - ok
18:33:28.0390 4064 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:33:28.0392 4064 Disk - ok
18:33:28.0522 4064 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:33:28.0525 4064 Dnscache - ok
18:33:28.0651 4064 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:33:28.0658 4064 dot3svc - ok
18:33:28.0787 4064 [ b42ed0320c6e41102fde0005154849bb ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:33:28.0821 4064 Dot4 - ok
18:33:28.0977 4064 [ e9f5969233c5d89f3c35e3a66a52a361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
18:33:28.0979 4064 Dot4Print - ok
18:33:29.0020 4064 [ fd05a02b0370bc3000f402e543ca5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:33:29.0022 4064 dot4usb - ok
18:33:29.0146 4064 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
18:33:29.0150 4064 DPS - ok
18:33:29.0265 4064 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:33:29.0266 4064 drmkaud - ok
18:33:29.0626 4064 [ 1fca854cedfc2ccd0c22e46ea4ea18f1 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
18:33:29.0840 4064 DsiWMIService - ok
18:33:30.0124 4064 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:33:30.0138 4064 DXGKrnl - ok
18:33:30.0175 4064 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:33:30.0178 4064 EapHost - ok
18:33:31.0035 4064 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:33:31.0126 4064 ebdrv - ok
18:33:31.0153 4064 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
18:33:31.0156 4064 EFS - ok
18:33:31.0531 4064 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:33:31.0602 4064 ehRecvr - ok
18:33:31.0648 4064 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
18:33:31.0701 4064 ehSched - ok
18:33:31.0778 4064 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:33:31.0787 4064 elxstor - ok
18:33:32.0104 4064 [ 3ea2c4f68a782839d97b3c83595575b6 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:33:32.0119 4064 ePowerSvc - ok
18:33:32.0173 4064 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:33:32.0174 4064 ErrDev - ok
18:33:32.0365 4064 [ 0975bf32399a24117e317b5bf1d5d0aa ] ETD C:\Windows\system32\DRIVERS\ETD.sys
18:33:32.0368 4064 ETD - ok
18:33:32.0440 4064 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
18:33:32.0448 4064 EventSystem - ok
18:33:32.0627 4064 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
18:33:32.0631 4064 exfat - ok
18:33:32.0675 4064 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:33:32.0679 4064 fastfat - ok
18:33:32.0742 4064 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
18:33:32.0752 4064 Fax - ok
18:33:32.0875 4064 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:33:32.0876 4064 fdc - ok
18:33:33.0001 4064 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:33:33.0003 4064 fdPHost - ok
18:33:33.0094 4064 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:33:33.0098 4064 FDResPub - ok
18:33:33.0137 4064 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:33:33.0140 4064 FileInfo - ok
18:33:33.0203 4064 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:33:33.0208 4064 Filetrace - ok
18:33:33.0299 4064 [ bb0667b0171b632b97ea759515476f07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:33:33.0315 4064 FLEXnet Licensing Service - ok
18:33:33.0432 4064 [ a4297244d4f817278a6ae45b1899ca9c ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:33:33.0477 4064 FLEXnet Licensing Service 64 - ok
18:33:33.0549 4064 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:33:33.0550 4064 flpydisk - ok
18:33:33.0593 4064 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:33:33.0598 4064 FltMgr - ok
18:33:33.0698 4064 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
18:33:33.0733 4064 FontCache - ok
18:33:33.0809 4064 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:33:33.0811 4064 FontCache3.0.0.0 - ok
18:33:33.0833 4064 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:33:33.0835 4064 FsDepends - ok
18:33:33.0893 4064 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:33:33.0895 4064 Fs_Rec - ok
18:33:33.0940 4064 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:33:33.0944 4064 fvevol - ok
18:33:33.0971 4064 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:33:33.0974 4064 gagp30kx - ok
18:33:34.0042 4064 [ ce16683cfd11fe70bde435dda5ea1fca ] GameConsoleService C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
18:33:34.0047 4064 GameConsoleService - ok
18:33:34.0106 4064 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
18:33:34.0122 4064 gpsvc - ok
18:33:34.0200 4064 [ 0191dee9b9eb7902af2cf4f67301095d ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
18:33:34.0202 4064 GREGService - ok
18:33:34.0256 4064 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:34.0259 4064 gupdate - ok
18:33:34.0305 4064 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:34.0306 4064 gupdatem - ok
18:33:34.0339 4064 [ 5d4bc124faae6730ac002cdb67bf1a1c ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:33:34.0341 4064 gusvc - ok
18:33:34.0386 4064 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:33:34.0387 4064 hcw85cir - ok
18:33:34.0449 4064 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:33:34.0455 4064 HdAudAddService - ok
18:33:34.0593 4064 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:33:34.0596 4064 HDAudBus - ok
18:33:34.0637 4064 [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:33:34.0639 4064 HECIx64 - ok
18:33:34.0670 4064 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:33:34.0672 4064 HidBatt - ok
18:33:34.0701 4064 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:33:34.0704 4064 HidBth - ok
18:33:34.0727 4064 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:33:34.0729 4064 HidIr - ok
18:33:34.0755 4064 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
18:33:34.0758 4064 hidserv - ok
18:33:34.0805 4064 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:33:34.0807 4064 HidUsb - ok
18:33:34.0856 4064 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:33:34.0859 4064 hkmsvc - ok
18:33:34.0950 4064 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:33:34.0957 4064 HomeGroupListener - ok
18:33:35.0025 4064 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:33:35.0030 4064 HomeGroupProvider - ok
18:33:35.0231 4064 [ 97aac45a375168c6a2297beeb9692e31 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:33:35.0235 4064 hpqcxs08 - ok
18:33:35.0298 4064 [ 19a4fb67b1c97ea18edff44340973cd9 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:33:35.0301 4064 hpqddsvc - ok
18:33:35.0366 4064 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:33:35.0368 4064 HpSAMD - ok
18:33:35.0468 4064 [ f37882f128efacefe353e0bae2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:33:35.0501 4064 HPSLPSVC - ok
18:33:35.0569 4064 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:33:35.0585 4064 HTTP - ok
18:33:35.0671 4064 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:33:35.0672 4064 hwpolicy - ok
18:33:35.0730 4064 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:33:35.0733 4064 i8042prt - ok
18:33:35.0794 4064 [ 1384872112e8e7fd5786eceb8bddf4c9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:33:35.0800 4064 iaStor - ok
18:33:35.0891 4064 [ 6b24d1c3096de796d15571079ea5e98c ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:33:35.0899 4064 IAStorDataMgrSvc - ok
18:33:35.0953 4064 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:33:35.0960 4064 iaStorV - ok
18:33:36.0059 4064 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:33:36.0102 4064 idsvc - ok
18:33:36.0530 4064 [ 677aa5991026a65ada128c4b59cf2bad ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:33:36.0788 4064 igfx - ok
18:33:36.0836 4064 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:33:36.0838 4064 iirsp - ok
18:33:36.0886 4064 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
18:33:36.0918 4064 IKEEXT - ok
18:33:36.0969 4064 [ dd587a55390ed2295bce6d36ad567da9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:33:36.0973 4064 Impcd - ok
18:33:37.0052 4064 [ 235362d403d9d677514649d88db31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:33:37.0146 4064 IntcAzAudAddService - ok
18:33:37.0254 4064 [ 58cf58dee26c909bd6f977b61d246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:33:37.0259 4064 IntcDAud - ok
18:33:37.0315 4064 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
18:33:37.0316 4064 intelide - ok
18:33:37.0365 4064 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:33:37.0368 4064 intelppm - ok
18:33:37.0416 4064 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:33:37.0420 4064 IPBusEnum - ok
18:33:37.0470 4064 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:37.0472 4064 IpFilterDriver - ok
18:33:37.0516 4064 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:33:37.0526 4064 iphlpsvc - ok
18:33:37.0609 4064 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:33:37.0611 4064 IPMIDRV - ok
18:33:37.0662 4064 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:33:37.0665 4064 IPNAT - ok
18:33:37.0712 4064 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:33:37.0713 4064 IRENUM - ok
18:33:37.0769 4064 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:33:37.0771 4064 isapnp - ok
18:33:37.0819 4064 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:33:37.0824 4064 iScsiPrt - ok
18:33:37.0875 4064 [ 37e053a2cf8f0082b689ed74106e0cec ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
18:33:37.0881 4064 k57nd60a - ok
18:33:37.0916 4064 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:33:37.0918 4064 kbdclass - ok
18:33:37.0991 4064 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:33:37.0993 4064 kbdhid - ok
18:33:38.0021 4064 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
18:33:38.0023 4064 KeyIso - ok
18:33:38.0058 4064 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:33:38.0061 4064 KSecDD - ok
18:33:38.0105 4064 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:33:38.0108 4064 KSecPkg - ok
18:33:38.0147 4064 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:33:38.0148 4064 ksthunk - ok
18:33:38.0179 4064 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
18:33:38.0188 4064 KtmRm - ok
18:33:38.0255 4064 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:33:38.0261 4064 LanmanServer - ok
18:33:38.0302 4064 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:33:38.0308 4064 LanmanWorkstation - ok
18:33:38.0404 4064 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:33:38.0406 4064 lltdio - ok
18:33:38.0542 4064 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:33:38.0549 4064 lltdsvc - ok
18:33:38.0585 4064 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:33:38.0588 4064 lmhosts - ok
18:33:38.0850 4064 [ dbc1136a62bd4decc3632df650284c2e ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:33:38.0855 4064 LMS - ok
18:33:38.0941 4064 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:33:38.0944 4064 LSI_FC - ok
18:33:38.0974 4064 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:33:38.0977 4064 LSI_SAS - ok
18:33:39.0007 4064 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:33:39.0010 4064 LSI_SAS2 - ok
18:33:39.0025 4064 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:33:39.0028 4064 LSI_SCSI - ok
18:33:39.0061 4064 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
18:33:39.0064 4064 luafv - ok
18:33:39.0105 4064 [ dbc08862a71459e74f7538b432c114cc ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:33:39.0107 4064 MBAMProtector - ok
18:33:39.0165 4064 [ ba400ed640bca1eae5c727ae17c10207 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:33:39.0175 4064 MBAMService - ok
18:33:39.0229 4064 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:33:39.0233 4064 Mcx2Svc - ok
18:33:39.0274 4064 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:33:39.0276 4064 megasas - ok
18:33:39.0293 4064 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:33:39.0299 4064 MegaSR - ok
18:33:39.0383 4064 Microsoft SharePoint Workspace Audit Service - ok
18:33:39.0413 4064 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
18:33:39.0416 4064 MMCSS - ok
18:33:39.0439 4064 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:33:39.0441 4064 Modem - ok
18:33:39.0479 4064 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:33:39.0480 4064 monitor - ok
18:33:39.0542 4064 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:33:39.0544 4064 mouclass - ok
18:33:39.0575 4064 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:33:39.0577 4064 mouhid - ok
18:33:39.0626 4064 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:33:39.0628 4064 mountmgr - ok
18:33:39.0707 4064 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:33:39.0710 4064 MozillaMaintenance - ok
18:33:39.0804 4064 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:33:39.0808 4064 MpFilter - ok
18:33:39.0833 4064 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:33:39.0836 4064 mpio - ok
18:33:39.0875 4064 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:33:39.0877 4064 mpsdrv - ok
18:33:39.0934 4064 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:33:39.0954 4064 MpsSvc - ok
18:33:40.0018 4064 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:33:40.0021 4064 MRxDAV - ok
18:33:40.0065 4064 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:40.0068 4064 mrxsmb - ok
18:33:40.0114 4064 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:40.0119 4064 mrxsmb10 - ok
18:33:40.0141 4064 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:40.0144 4064 mrxsmb20 - ok
18:33:40.0186 4064 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:33:40.0188 4064 msahci - ok
18:33:40.0228 4064 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:33:40.0232 4064 msdsm - ok
18:33:40.0264 4064 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
18:33:40.0269 4064 MSDTC - ok
18:33:40.0309 4064 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:33:40.0311 4064 Msfs - ok
18:33:40.0323 4064 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:33:40.0325 4064 mshidkmdf - ok
18:33:40.0358 4064 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:33:40.0361 4064 msisadrv - ok
18:33:40.0399 4064 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:33:40.0404 4064 MSiSCSI - ok
18:33:40.0411 4064 msiserver - ok
18:33:40.0449 4064 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:33:40.0451 4064 MSKSSRV - ok
18:33:40.0566 4064 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:33:40.0567 4064 MsMpSvc - ok
18:33:40.0605 4064 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:33:40.0607 4064 MSPCLOCK - ok
18:33:40.0635 4064 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:33:40.0637 4064 MSPQM - ok
18:33:40.0686 4064 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:33:40.0694 4064 MsRPC - ok
18:33:40.0761 4064 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:33:40.0763 4064 mssmbios - ok
18:33:40.0773 4064 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:33:40.0774 4064 MSTEE - ok
18:33:40.0801 4064 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:33:40.0802 4064 MTConfig - ok
18:33:40.0823 4064 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:33:40.0826 4064 Mup - ok
18:33:40.0853 4064 [ 6ffecc25b39dc7652a0cec0ada9db589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:33:40.0855 4064 mwlPSDFilter - ok
18:33:40.0873 4064 [ 0befe32ca56d6ee89d58175725596a85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:33:40.0875 4064 mwlPSDNServ - ok
18:33:40.0903 4064 [ d43bc633b8660463e446e28e14a51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:33:40.0905 4064 mwlPSDVDisk - ok
18:33:40.0988 4064 [ 3e5e20817259f7328c8f3be5421f35b9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
18:33:40.0994 4064 MWLService - ok
18:33:41.0069 4064 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
18:33:41.0079 4064 napagent - ok
18:33:41.0155 4064 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:33:41.0161 4064 NativeWifiP - ok
18:33:41.0247 4064 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
18:33:41.0268 4064 NDIS - ok
18:33:41.0305 4064 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:41.0306 4064 NdisCap - ok
18:33:41.0337 4064 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:41.0339 4064 NdisTapi - ok
18:33:41.0407 4064 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:41.0409 4064 Ndisuio - ok
18:33:41.0489 4064 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:41.0493 4064 NdisWan - ok
18:33:41.0545 4064 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:33:41.0548 4064 NDProxy - ok
18:33:41.0632 4064 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:33:41.0634 4064 Net Driver HPZ12 - ok
18:33:41.0673 4064 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:33:41.0675 4064 NetBIOS - ok
18:33:41.0720 4064 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:33:41.0724 4064 NetBT - ok
18:33:41.0754 4064 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
18:33:41.0756 4064 Netlogon - ok
18:33:41.0808 4064 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
18:33:41.0816 4064 Netman - ok
18:33:41.0864 4064 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
18:33:41.0874 4064 netprofm - ok
18:33:41.0943 4064 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:33:41.0946 4064 NetTcpPortSharing - ok
18:33:41.0991 4064 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:33:41.0993 4064 nfrd960 - ok
18:33:42.0061 4064 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:33:42.0064 4064 NisDrv - ok
18:33:42.0216 4064 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:33:42.0221 4064 NisSrv - ok
18:33:42.0361 4064 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:33:42.0368 4064 NlaSvc - ok
18:33:42.0392 4064 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:33:42.0394 4064 Npfs - ok
18:33:42.0460 4064 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:33:42.0462 4064 nsi - ok
18:33:42.0508 4064 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:33:42.0509 4064 nsiproxy - ok
18:33:42.0779 4064 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:33:42.0815 4064 Ntfs - ok
18:33:42.0903 4064 [ 9a308fcdcca98a15b6f62d36a272160e ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
18:33:42.0908 4064 NTI IScheduleSvc - ok
18:33:42.0938 4064 [ ee3ba1024594d5d09e314f206b94069e ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
18:33:42.0940 4064 NTIDrvr - ok
18:33:42.0981 4064 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
18:33:42.0983 4064 Null - ok
18:33:43.0044 4064 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:33:43.0047 4064 nvraid - ok
18:33:43.0137 4064 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:33:43.0140 4064 nvstor - ok
18:33:43.0203 4064 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:33:43.0206 4064 nv_agp - ok
18:33:43.0250 4064 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:33:43.0253 4064 ohci1394 - ok
18:33:43.0502 4064 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:33:43.0505 4064 ose - ok
18:33:43.0719 4064 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:33:43.0866 4064 osppsvc - ok
18:33:43.0998 4064 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:33:44.0020 4064 p2pimsvc - ok
18:33:44.0086 4064 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:33:44.0094 4064 p2psvc - ok
18:33:44.0139 4064 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:33:44.0141 4064 Parport - ok
18:33:44.0181 4064 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:33:44.0184 4064 partmgr - ok
18:33:44.0213 4064 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:33:44.0219 4064 PcaSvc - ok
18:33:44.0258 4064 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
18:33:44.0262 4064 pci - ok
18:33:44.0296 4064 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
18:33:44.0297 4064 pciide - ok
18:33:44.0398 4064 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:33:44.0402 4064 pcmcia - ok
18:33:44.0431 4064 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:33:44.0434 4064 pcw - ok
18:33:44.0505 4064 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:33:44.0514 4064 PEAUTH - ok
18:33:44.0635 4064 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:33:44.0637 4064 PerfHost - ok
18:33:44.0727 4064 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
18:33:44.0773 4064 pla - ok
18:33:44.0831 4064 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:33:44.0839 4064 PlugPlay - ok
18:33:44.0953 4064 [ ac78df349f0e4cfb8b667c0cfff83cce ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:33:44.0956 4064 Pml Driver HPZ12 - ok
18:33:44.0993 4064 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:33:44.0996 4064 PNRPAutoReg - ok
18:33:45.0042 4064 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:33:45.0048 4064 PNRPsvc - ok
18:33:45.0095 4064 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:33:45.0104 4064 PolicyAgent - ok
18:33:45.0149 4064 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
18:33:45.0155 4064 Power - ok
18:33:45.0200 4064 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:33:45.0203 4064 PptpMiniport - ok
18:33:45.0224 4064 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:33:45.0226 4064 Processor - ok
18:33:45.0265 4064 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:33:45.0270 4064 ProfSvc - ok
18:33:45.0287 4064 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:33:45.0289 4064 ProtectedStorage - ok
18:33:45.0331 4064 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:33:45.0333 4064 Psched - ok
18:33:45.0474 4064 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:33:45.0509 4064 ql2300 - ok
18:33:45.0516 4064 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:33:45.0523 4064 ql40xx - ok
18:33:45.0555 4064 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
18:33:45.0561 4064 QWAVE - ok
18:33:45.0578 4064 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:33:45.0580 4064 QWAVEdrv - ok
18:33:45.0595 4064 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:33:45.0597 4064 RasAcd - ok
18:33:45.0628 4064 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:33:45.0630 4064 RasAgileVpn - ok
18:33:45.0662 4064 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
18:33:45.0667 4064 RasAuto - ok
18:33:45.0702 4064 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:33:45.0706 4064 Rasl2tp - ok
18:33:45.0753 4064 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
18:33:45.0761 4064 RasMan - ok
18:33:45.0793 4064 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:33:45.0795 4064 RasPppoe - ok
18:33:45.0817 4064 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:33:45.0820 4064 RasSstp - ok
18:33:45.0857 4064 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:33:45.0863 4064 rdbss - ok
18:33:45.0908 4064 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:33:45.0910 4064 rdpbus - ok
18:33:45.0927 4064 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:33:45.0927 4064 RDPCDD - ok
18:33:45.0947 4064 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:33:45.0948 4064 RDPENCDD - ok
18:33:45.0969 4064 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:33:45.0969 4064 RDPREFMP - ok
18:33:46.0011 4064 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:33:46.0015 4064 RDPWD - ok
18:33:46.0072 4064 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:33:46.0080 4064 rdyboost - ok
18:33:46.0117 4064 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:33:46.0121 4064 RemoteAccess - ok
18:33:46.0161 4064 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:33:46.0166 4064 RemoteRegistry - ok
18:33:46.0274 4064 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:33:46.0278 4064 RFCOMM - ok
18:33:46.0311 4064 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:33:46.0314 4064 RpcEptMapper - ok
18:33:46.0344 4064 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
18:33:46.0348 4064 RpcLocator - ok
18:33:46.0389 4064 [ 3297445bb9fd3e8363e7559010ed2ae7 ] rpcnet C:\Windows\SysWOW64\rpcnet.exe
18:33:46.0393 4064 rpcnet - ok
18:33:46.0440 4064 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
18:33:46.0448 4064 RpcSs - ok
18:33:46.0486 4064 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:33:46.0489 4064 rspndr - ok
18:33:46.0527 4064 [ 763ae0c6d9df4c24b7e2c26036a8188a ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:33:46.0530 4064 RSUSBSTOR - ok
18:33:46.0542 4064 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
18:33:46.0545 4064 SamSs - ok
18:33:46.0591 4064 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:33:46.0594 4064 sbp2port - ok
18:33:46.0730 4064 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:33:46.0764 4064 SBSDWSCService - ok
18:33:46.0813 4064 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:33:46.0818 4064 SCardSvr - ok
18:33:46.0854 4064 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:33:46.0856 4064 scfilter - ok
18:33:46.0917 4064 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
18:33:46.0953 4064 Schedule - ok
18:33:46.0994 4064 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
18:33:46.0995 4064 SCPolicySvc - ok
18:33:47.0034 4064 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:33:47.0039 4064 SDRSVC - ok
18:33:47.0112 4064 [ cc781378e7eda615d2cdca3b17829fa4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:33:47.0116 4064 SeaPort - ok
18:33:47.0153 4064 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:33:47.0154 4064 secdrv - ok
18:33:47.0187 4064 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
18:33:47.0191 4064 seclogon - ok
18:33:47.0228 4064 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
18:33:47.0231 4064 SENS - ok
18:33:47.0257 4064 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:33:47.0261 4064 SensrSvc - ok
18:33:47.0296 4064 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:33:47.0297 4064 Serenum - ok
18:33:47.0316 4064 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:33:47.0318 4064 Serial - ok
18:33:47.0349 4064 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:33:47.0350 4064 sermouse - ok
18:33:47.0461 4064 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:33:47.0467 4064 SessionEnv - ok
18:33:47.0496 4064 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:33:47.0497 4064 sffdisk - ok
18:33:47.0512 4064 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:33:47.0514 4064 sffp_mmc - ok
18:33:47.0530 4064 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:33:47.0532 4064 sffp_sd - ok
18:33:47.0568 4064 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:33:47.0570 4064 sfloppy - ok
18:33:47.0667 4064 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:33:47.0674 4064 SharedAccess - ok
18:33:47.0789 4064 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:33:47.0799 4064 ShellHWDetection - ok
18:33:47.0868 4064 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:33:47.0870 4064 SiSRaid2 - ok
18:33:47.0919 4064 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:33:47.0922 4064 SiSRaid4 - ok
18:33:47.0937 4064 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:33:47.0940 4064 Smb - ok
18:33:48.0030 4064 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:33:48.0043 4064 SNMPTRAP - ok
18:33:48.0079 4064 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:33:48.0081 4064 spldr - ok
18:33:48.0135 4064 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe
18:33:48.0146 4064 Spooler - ok
18:33:48.0261 4064 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
18:33:48.0364 4064 sppsvc - ok
18:33:48.0413 4064 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:33:48.0417 4064 sppuinotify - ok
18:33:48.0470 4064 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
18:33:48.0478 4064 srv - ok
18:33:48.0538 4064 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:33:48.0545 4064 srv2 - ok
18:33:48.0585 4064 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:33:48.0591 4064 srvnet - ok
18:33:48.0634 4064 [ 8f8324ed1de63ffc7b1a02cd2d963c72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
18:33:48.0638 4064 ssadbus - ok
18:33:48.0665 4064 [ 58221efcb74167b73667f0024c661ce0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:33:48.0667 4064 ssadmdfl - ok
18:33:48.0709 4064 [ 4da7c71bfac5ad71255b7e4cab980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
18:33:48.0713 4064 ssadmdm - ok
18:33:48.0792 4064 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:33:48.0797 4064 SSDPSRV - ok
18:33:48.0841 4064 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:33:48.0845 4064 SstpSvc - ok
18:33:48.0876 4064 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:33:48.0878 4064 stexstor - ok
18:33:48.0936 4064 [ decacb6921ded1a38642642685d77dac ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:33:48.0937 4064 StillCam - ok
18:33:48.0986 4064 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
18:33:48.0997 4064 stisvc - ok
18:33:49.0037 4064 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:33:49.0039 4064 swenum - ok
18:33:49.0071 4064 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
18:33:49.0081 4064 swprv - ok
18:33:49.0152 4064 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
18:33:49.0199 4064 SysMain - ok
18:33:49.0244 4064 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:33:49.0249 4064 TabletInputService - ok
18:33:49.0299 4064 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:33:49.0306 4064 TapiSrv - ok
18:33:49.0345 4064 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
18:33:49.0349 4064 TBS - ok
18:33:49.0479 4064 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:33:49.0536 4064 Tcpip - ok
18:33:49.0616 4064 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:33:49.0634 4064 TCPIP6 - ok
18:33:49.0678 4064 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:33:49.0680 4064 tcpipreg - ok
18:33:49.0708 4064 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:33:49.0710 4064 TDPIPE - ok
18:33:49.0743 4064 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:33:49.0745 4064 TDTCP - ok
18:33:49.0795 4064 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:33:49.0798 4064 tdx - ok
18:33:49.0835 4064 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:33:49.0837 4064 TermDD - ok
18:33:49.0882 4064 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
18:33:49.0897 4064 TermService - ok
18:33:49.0948 4064 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
18:33:49.0951 4064 Themes - ok
18:33:50.0022 4064 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
18:33:50.0024 4064 THREADORDER - ok
18:33:50.0055 4064 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
18:33:50.0059 4064 TrkWks - ok
18:33:50.0119 4064 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:33:50.0122 4064 TrustedInstaller - ok
18:33:50.0156 4064 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:33:50.0158 4064 tssecsrv - ok
18:33:50.0201 4064 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:33:50.0204 4064 TsUsbFlt - ok
18:33:50.0247 4064 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:33:50.0250 4064 tunnel - ok
18:33:50.0300 4064 [ 825e7a1f48fb8bcfba27c178aab4e275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
18:33:50.0318 4064 TurboB - ok
18:33:50.0368 4064 [ b206be1174d5964d49a56bb6c4e0524a ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:33:50.0400 4064 TurboBoost - ok
18:33:50.0452 4064 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:33:50.0454 4064 uagp35 - ok
18:33:50.0470 4064 [ a17d5e1a6df4eab0a480f2c490de4c9d ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
18:33:50.0471 4064 UBHelper - ok
18:33:50.0511 4064 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:33:50.0517 4064 udfs - ok
18:33:50.0549 4064 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:33:50.0552 4064 UI0Detect - ok
18:33:50.0613 4064 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:33:50.0615 4064 uliagpkx - ok
18:33:50.0661 4064 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:33:50.0663 4064 umbus - ok
18:33:50.0708 4064 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:33:50.0709 4064 UmPass - ok
18:33:50.0826 4064 [ 7466809e6da561d60c2f1ce8ede3c73f ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:33:50.0882 4064 UNS - ok
18:33:50.0935 4064 [ f9ec9acd504d823d9b9ca98a4f8d3ca2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:33:50.0939 4064 Updater Service - ok
18:33:50.0987 4064 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
18:33:50.0996 4064 upnphost - ok
18:33:51.0052 4064 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:33:51.0054 4064 usbccgp - ok
18:33:51.0093 4064 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:33:51.0096 4064 usbcir - ok
18:33:51.0132 4064 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:33:51.0134 4064 usbehci - ok
18:33:51.0175 4064 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:33:51.0181 4064 usbhub - ok
18:33:51.0315 4064 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:33:51.0317 4064 usbohci - ok
18:33:51.0360 4064 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:33:51.0362 4064 usbprint - ok
18:33:51.0401 4064 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:33:51.0403 4064 usbscan - ok
18:33:51.0438 4064 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:33:51.0441 4064 USBSTOR - ok
18:33:51.0474 4064 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:33:51.0476 4064 usbuhci - ok
18:33:51.0531 4064 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:33:51.0535 4064 usbvideo - ok
18:33:51.0558 4064 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
18:33:51.0563 4064 UxSms - ok
18:33:51.0598 4064 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
18:33:51.0600 4064 VaultSvc - ok
18:33:51.0645 4064 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:33:51.0647 4064 vdrvroot - ok
18:33:51.0690 4064 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
18:33:51.0701 4064 vds - ok
18:33:51.0738 4064 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:33:51.0739 4064 vga - ok
18:33:51.0768 4064 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
18:33:51.0769 4064 VgaSave - ok
18:33:51.0813 4064 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:33:51.0817 4064 vhdmp - ok
18:33:51.0851 4064 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:33:51.0854 4064 viaide - ok
18:33:51.0894 4064 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:33:51.0897 4064 volmgr - ok
18:33:51.0932 4064 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:33:51.0937 4064 volmgrx - ok
18:33:51.0985 4064 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:33:51.0991 4064 volsnap - ok
18:33:52.0027 4064 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:33:52.0031 4064 vsmraid - ok
18:33:52.0104 4064 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
18:33:52.0150 4064 VSS - ok
18:33:52.0176 4064 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:33:52.0178 4064 vwifibus - ok
18:33:52.0201 4064 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:33:52.0203 4064 vwififlt - ok
18:33:52.0249 4064 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:33:52.0251 4064 vwifimp - ok
18:33:52.0305 4064 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
18:33:52.0313 4064 W32Time - ok
18:33:52.0325 4064 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:33:52.0327 4064 WacomPen - ok
18:33:52.0451 4064 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:33:52.0454 4064 WANARP - ok
18:33:52.0475 4064 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:33:52.0476 4064 Wanarpv6 - ok
18:33:52.0547 4064 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:33:52.0581 4064 WatAdminSvc - ok
18:33:52.0655 4064 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
18:33:52.0700 4064 wbengine - ok
18:33:52.0765 4064 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:33:52.0771 4064 WbioSrvc - ok
18:33:52.0814 4064 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:33:52.0822 4064 wcncsvc - ok
18:33:52.0832 4064 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:33:52.0836 4064 WcsPlugInService - ok
18:33:52.0865 4064 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:33:52.0867 4064 Wd - ok
18:33:52.0901 4064 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:33:52.0912 4064 Wdf01000 - ok
18:33:52.0934 4064 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:33:52.0938 4064 WdiServiceHost - ok
18:33:52.0946 4064 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:33:52.0949 4064 WdiSystemHost - ok
18:33:52.0987 4064 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:33:52.0994 4064 WebClient - ok
18:33:53.0020 4064 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:33:53.0026 4064 Wecsvc - ok
18:33:53.0041 4064 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:33:53.0046 4064 wercplsupport - ok
18:33:53.0075 4064 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:33:53.0079 4064 WerSvc - ok
18:33:53.0106 4064 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:33:53.0108 4064 WfpLwf - ok
18:33:53.0141 4064 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:33:53.0143 4064 WIMMount - ok
18:33:53.0176 4064 WinDefend - ok
18:33:53.0183 4064 WinHttpAutoProxySvc - ok
18:33:53.0244 4064 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:33:53.0311 4064 Winmgmt - ok
18:33:53.0400 4064 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
18:33:53.0469 4064 WinRM - ok
18:33:53.0558 4064 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
18:33:53.0592 4064 Wlansvc - ok
18:33:53.0737 4064 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:33:53.0805 4064 wlidsvc - ok
18:33:53.0849 4064 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:33:53.0851 4064 WmiAcpi - ok
18:33:53.0889 4064 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:33:53.0932 4064 wmiApSrv - ok
18:33:53.0964 4064 WMPNetworkSvc - ok
18:33:53.0994 4064 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:33:53.0998 4064 WPCSvc - ok
18:33:54.0035 4064 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:33:54.0039 4064 WPDBusEnum - ok
18:33:54.0068 4064 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:33:54.0069 4064 ws2ifsl - ok
18:33:54.0098 4064 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll
18:33:54.0103 4064 wscsvc - ok
18:33:54.0108 4064 WSearch - ok
18:33:54.0212 4064 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:33:54.0281 4064 wuauserv - ok
18:33:54.0312 4064 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:33:54.0315 4064 WudfPf - ok
18:33:54.0374 4064 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:33:54.0378 4064 WUDFRd - ok
18:33:54.0424 4064 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:33:54.0428 4064 wudfsvc - ok
18:33:54.0460 4064 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
18:33:54.0468 4064 WwanSvc - ok
18:33:54.0521 4064 ================ Scan global ===============================
18:33:54.0546 4064 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
18:33:54.0589 4064 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
18:33:54.0611 4064 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
18:33:54.0681 4064 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
18:33:54.0705 4064 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
18:33:54.0714 4064 [Global] - ok
18:33:54.0715 4064 ================ Scan MBR ==================================
18:33:54.0736 4064 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:33:55.0123 4064 \Device\Harddisk0\DR0 - ok
18:33:55.0127 4064 ================ Scan VBR ==================================
18:33:55.0129 4064 Boot (0x1200) (3f629adeed51f0269c6a24ba634c17cc) \Device\Harddisk0\DR0\Partition1
18:33:55.0131 4064 \Device\Harddisk0\DR0\Partition1 - ok
18:33:55.0160 4064 Boot (0x1200) (b41528c07130e1e8a31b9fd2281678ea) \Device\Harddisk0\DR0\Partition2
18:33:55.0162 4064 \Device\Harddisk0\DR0\Partition2 - ok
18:33:55.0163 4064 ============================================================
18:33:55.0163 4064 Scan finished
18:33:55.0163 4064 ============================================================
18:33:55.0179 5244 Detected object count: 0
18:33:55.0180 5244 Actual detected object count: 0
redheartlove
Active Member
 
Posts: 12
Joined: August 2nd, 2012, 9:42 pm

Re: Redirects & odd ads coming from bottom of window

Unread postby Cypher » August 15th, 2012, 5:23 am

Hi Holly,
I have the setting in FF that states: "Prevent pages from redirecting" checked, so whatever is causing my 'puter to redirect, gets sorta stopped & FF gives me the warning at the top that says "FF has prevented this page from redirecting. To allow <hit the x>"

Do you have any problems using Internet Explorer, or is it only FireFox?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 277 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware