Strange re-directs online. [Solved]


  • This topic is locked

#1
Megan1994


    New Member

  • Member
  • 7 posts
Hi guys,

My computer started freezing a few weeks ago and loading up fake anti-virus software. It stopped doing that recently but now when I try and go online it redirects me to websites I didn't click to view.

I ran an OTL check and it gave this:

-------------
OTL logfile created on: 11/27/2012 2:52:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Caroline Butterwick\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.47% Memory free
6.00 Gb Paging File | 4.82 Gb Available in Paging File | 80.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 24.26 Gb Free Space | 48.53% Space Free | Partition Type: NTFS
Drive D: | 248.09 Gb Total Space | 233.24 Gb Free Space | 94.01% Space Free | Partition Type: NTFS

Computer Name: WIN-Z9EN9CK0WFA | User Name: Caroline Butterwick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/27 14:51:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Caroline Butterwick\Downloads\OTL.exe
PRC - [2012/09/10 14:05:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/27 14:16:09 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 05:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/05/21 05:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/11 10:26:50 | 000,274,432 | ---- | M] (Dolphin Oceanic Ltd.) -- C:\Windows\System32\dolsrvcbar2.exe
PRC - [2010/04/30 10:56:58 | 000,106,496 | R--- | M] (Dolphin Oceanic Ltd.) -- C:\ProgramData\Dolphin\Dolphin Autostart.exe
PRC - [2009/11/02 02:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/09/08 21:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/11/21 17:27:56 | 000,143,360 | ---- | M] (Impacct) -- C:\Program Files\Plustek\OpticBook 3600\Am32Plus.exe
PRC - [2007/05/23 18:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/10 14:05:11 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/28 13:43:00 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/09/09 15:33:14 | 000,307,200 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\ScanApi.dll
MOD - [2008/09/18 11:23:58 | 000,024,576 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\FineReader.dll
MOD - [2007/06/04 16:57:22 | 000,036,864 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\MaxReader.dll
MOD - [2007/05/30 15:48:06 | 000,167,936 | ---- | M] () -- C:\Program Files\Common Files\iMpacct\ControlFunc.dll
MOD - [2006/11/30 09:58:50 | 000,061,440 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\TWAINAPP.dll
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006/05/15 14:24:18 | 000,122,938 | ---- | M] () -- C:\Program Files\Common Files\iMpacct\CommonFunc.dll
MOD - [2005/11/21 16:10:30 | 000,483,328 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\bmp2tiff.dll
MOD - [2005/09/21 13:38:54 | 000,081,920 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Web Utility.dll
MOD - [2005/09/21 13:38:46 | 000,090,112 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Wallpaper.dll
MOD - [2005/09/21 13:38:32 | 000,077,824 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Scan Utility.dll
MOD - [2005/09/21 13:38:28 | 000,045,056 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Power Save.dll
MOD - [2005/09/21 13:38:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Positive Utility.dll
MOD - [2005/09/21 13:38:16 | 000,065,536 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\OCR Utility.dll
MOD - [2005/09/21 13:38:12 | 000,069,632 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Negative Utility.dll
MOD - [2005/09/21 13:37:52 | 000,077,824 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\File Utility.dll
MOD - [2005/09/21 13:37:48 | 000,069,632 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Fax Utility.dll
MOD - [2005/09/21 13:37:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Email Utility.dll
MOD - [2005/09/21 13:37:36 | 000,073,728 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Copy Utility.dll
MOD - [2005/09/21 13:37:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Button Config.dll
MOD - [2005/09/21 13:37:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\BCR Utility.dll
MOD - [2005/09/21 13:36:54 | 000,061,440 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Prndriver.dll
MOD - [2004/01/07 12:47:34 | 000,045,056 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\FzOCR.dll
MOD - [2004/01/07 12:47:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\PenPower.dll


========== Services (SafeList) ==========

SRV - [2012/09/10 14:05:11 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/10/18 15:26:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/11 10:26:50 | 000,274,432 | ---- | M] (Dolphin Oceanic Ltd.) [Auto | Running] -- C:\Windows\System32\dolsrvcbar2.exe -- (DolphinCBarSrv2)
SRV - [2009/09/08 21:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/23 18:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2B85FDB-BE35-488B-9633-8569B4055A41}\MpKsl8801e2ec.sys -- (MpKsl8801e2ec)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56331053-A773-44EA-8564-A8A1ACB6C080}\MpKsl0937d042.sys -- (MpKsl0937d042)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CAROLI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Ai2Mmpd.sys -- (Ai2Mmpd)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\Ai2Chroniker.sys -- (Ai2Chroniker)
DRV - [2011/05/21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 22:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/05/13 18:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007/05/01 21:15:54 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNQN_enGB459
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.8
FF - prefs.js..extensions.enabledAddons: [email protected]:3.1.7
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Caroline Butterwick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Caroline Butterwick\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/27 14:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 14:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/28 13:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Extensions
[2012/11/27 14:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Firefox\Profiles\taeh6aao.default\extensions
[2012/11/27 14:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Firefox\Profiles\taeh6aao.default\extensions\staged
[2012/07/18 08:15:42 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Firefox\Profiles\taeh6aao.default\extensions\[email protected]
[2012/05/14 12:39:02 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Firefox\Profiles\taeh6aao.default\extensions\[email protected]
[2011/10/28 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/10 14:05:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/10 14:05:09 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/10 14:05:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/10 14:05:09 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/09/10 14:05:09 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/10 14:05:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/10 14:05:09 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/28 01:20:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [Dolphin USB Autostart] C:\ProgramData\Dolphin\Dolphin Autostart.exe (Dolphin Oceanic Ltd.)
O4 - HKCU..\Run: [edliSTAT] C:\Users\Caroline Butterwick\AppData\Local\Temp\getmfmon.dll (FRISK Software International)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Caroline Butterwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Colour Explorer 9,0.lnk = C:\Program Files\MicrolinkPC\CXLOADER.exe (MicrolinkPC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B072F3AC-1B61-47AC-90DF-486936A7BF73}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E23D5084-BDEA-4BEB-865D-CB8472124A84}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========

[2012/11/27 14:53:16 | 000,009,920 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 14:53:15 | 000,009,920 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 14:42:02 | 000,643,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/27 14:42:02 | 000,118,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/27 14:37:55 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/27 14:37:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/27 14:37:46 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys

========== Files Created - No Company Name ==========

[2012/01/28 01:14:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/28 01:14:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/28 01:14:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/28 01:14:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/28 01:14:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/27 23:49:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/09 10:51:24 | 000,001,809 | ---- | C] () -- C:\Windows\if42le.ini
[2011/02/09 10:51:24 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini
[2010/09/21 10:47:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\IyfSpCIt.dat
[2010/09/21 10:47:37 | 000,000,031 | ---- | C] () -- C:\ProgramData\msdesksw_default.theme
[1648/10/07 19:02:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\hnEIlj.theme

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 37 bytes -> C:\Windows\System32\desktop.ini:WIN64
@Alternate Data Stream - 33 bytes -> C:\Windows\win.ini:WINDOWS
@Alternate Data Stream - 28 bytes -> C:\ProgramData\hnEIlj.theme:NTOSCHK

< End of report >




Thanks very much to anyone who would be able to help a damsel in distress.

xx


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Clippety clop, clippety clop... Here I am :rofl:

OK, first I will need to check a separate area of your computer.

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#3
Megan1994


    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi there,

Thanks very much for your quick reply :-)

Here are the RKreports:

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Caroline Butterwick [Admin rights]
Mode : Scan -- Date : 11/29/2012 15:13:46

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Dolphin Autostart.exe -- C:\ProgramData\Dolphin\Dolphin Autostart.exe -> KILLED [TermProc]
[][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\CAROLI~1\AppData\Local\Temp\getmfmon.dll -> UNLOADED

¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Dolphin USB Autostart ("C:\ProgramData\Dolphin\Dolphin Autostart.exe") -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : edliSTAT (rundll32 "C:\Users\CAROLI~1\AppData\Local\Temp\getmfmon.dll",CreateProcessNotify) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-414615470-3974890165-1303099587-1000[...]\Run : Dolphin USB Autostart ("C:\ProgramData\Dolphin\Dolphin Autostart.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-414615470-3974890165-1303099587-1000[...]\Run : edliSTAT (rundll32 "C:\Users\CAROLI~1\AppData\Local\Temp\getmfmon.dll",CreateProcessNotify) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-00L7A0 ATA Device +++++
--- User ---
[MBR] a3872e16707736a3d7a942683613a2b7
[BSP] 214affb49023c25b34a7dfc1b4808125 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 51200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104859648 | Size: 254043 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11292012_02d1513.txt >>
RKreport[1]_S_11292012_02d1513.txt



RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Caroline Butterwick [Admin rights]
Mode : Remove -- Date : 11/29/2012 15:15:18

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Dolphin Autostart.exe -- C:\ProgramData\Dolphin\Dolphin Autostart.exe -> KILLED [TermProc]
[][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\CAROLI~1\AppData\Local\Temp\getmfmon.dll -> UNLOADED

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Dolphin USB Autostart ("C:\ProgramData\Dolphin\Dolphin Autostart.exe") -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : edliSTAT (rundll32 "C:\Users\CAROLI~1\AppData\Local\Temp\getmfmon.dll",CreateProcessNotify) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-00L7A0 ATA Device +++++
--- User ---
[MBR] a3872e16707736a3d7a942683613a2b7
[BSP] 214affb49023c25b34a7dfc1b4808125 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 51200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 104859648 | Size: 254043 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11292012_02d1515.txt >>
RKreport[1]_S_11292012_02d1513.txt ; RKreport[2]_D_11292012_02d1515.txt



RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Caroline Butterwick [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/29/2012 15:17:46

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Dolphin Autostart.exe -- C:\ProgramData\Dolphin\Dolphin Autostart.exe -> KILLED [TermProc]
[][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\CAROLI~1\AppData\Local\Temp\getmfmon.dll -> UNLOADED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 101 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 77 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_11292012_02d1517.txt >>
RKreport[1]_S_11292012_02d1513.txt ; RKreport[2]_D_11292012_02d1515.txt ; RKreport[3]_SC_11292012_02d1517.txt



And the report for the TDSSKiller:

15:21:39.0078 0696 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:21:39.0624 0696 ============================================================
15:21:39.0624 0696 Current date / time: 2012/11/29 15:21:39.0624
15:21:39.0624 0696 SystemInfo:
15:21:39.0624 0696
15:21:39.0624 0696 OS Version: 6.1.7601 ServicePack: 1.0
15:21:39.0624 0696 Product type: Workstation
15:21:39.0624 0696 ComputerName: WIN-Z9EN9CK0WFA
15:21:39.0624 0696 UserName: Caroline Butterwick
15:21:39.0624 0696 Windows directory: C:\Windows
15:21:39.0624 0696 System windows directory: C:\Windows
15:21:39.0624 0696 Processor architecture: Intel x86
15:21:39.0624 0696 Number of processors: 2
15:21:39.0624 0696 Page size: 0x1000
15:21:39.0624 0696 Boot type: Normal boot
15:21:39.0624 0696 ============================================================
15:21:40.0388 0696 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:21:40.0404 0696 ============================================================
15:21:40.0404 0696 \Device\Harddisk0\DR0:
15:21:40.0404 0696 MBR partitions:
15:21:40.0404 0696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6400000
15:21:40.0404 0696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6400800, BlocksNum 0x1F02D800
15:21:40.0404 0696 ============================================================
15:21:40.0419 0696 C: <-> \Device\Harddisk0\DR0\Partition1
15:21:40.0450 0696 D: <-> \Device\Harddisk0\DR0\Partition2
15:21:40.0450 0696 ============================================================
15:21:40.0450 0696 Initialize success
15:21:40.0450 0696 ============================================================
15:22:36.0704 0652 ============================================================
15:22:36.0704 0652 Scan started
15:22:36.0704 0652 Mode: Manual; SigCheck; TDLFS;
15:22:36.0704 0652 ============================================================
15:22:37.0843 0652 ================ Scan system memory ========================
15:22:37.0843 0652 System memory - ok
15:22:37.0843 0652 ================ Scan services =============================
15:22:42.0133 0652 [ E16175756D0CC720BAB790CB846CB7CA ] DolphinCBarSrv2 C:\Windows\system32\dolsrvcbar2.exe
15:22:42.0148 0652 DolphinCBarSrv2 ( UnsignedFile.Multi.Generic ) - warning
15:22:42.0148 0652 DolphinCBarSrv2 - detected UnsignedFile.Multi.Generic (1)
15:22:50.0760 0652 [ EA37EEA0E124DCE821BC71173DA033AD ] NetworkX C:\Windows\system32\ckldrv.sys
15:22:50.0760 0652 NetworkX ( UnsignedFile.Multi.Generic ) - warning
15:22:50.0760 0652 NetworkX - detected UnsignedFile.Multi.Generic (1)
15:23:00.0775 0652 ================ Scan global ===============================
15:23:00.0790 0652 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:23:00.0822 0652 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
15:23:00.0837 0652 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
15:23:00.0853 0652 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:23:00.0884 0652 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:23:00.0884 0652 [Global] - ok
15:23:00.0884 0652 ================ Scan MBR ==================================
15:23:00.0900 0652 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:23:01.0165 0652 \Device\Harddisk0\DR0 - ok
15:23:01.0165 0652 ================ Scan VBR ==================================
15:23:01.0165 0652 [ 12D956860C93E60638D734745000F6C4 ] \Device\Harddisk0\DR0\Partition1
15:23:01.0165 0652 \Device\Harddisk0\DR0\Partition1 - ok
15:23:01.0196 0652 [ 37FFE534B7C561DA6C5F28DF26CE85C8 ] \Device\Harddisk0\DR0\Partition2
15:23:01.0196 0652 \Device\Harddisk0\DR0\Partition2 - ok
15:23:01.0196 0652 ============================================================
15:23:01.0196 0652 Scan finished
15:23:01.0196 0652 ============================================================
15:23:01.0212 2656 Detected object count: 2
15:23:01.0212 2656 Actual detected object count: 2
15:24:42.0347 2656 DolphinCBarSrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:42.0347 2656 DolphinCBarSrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:42.0347 2656 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:42.0347 2656 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip


Thank you

xxx

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ta, the RogueKiller run confirmed a suspicion.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKCU..\Run: [edliSTAT] C:\Users\Caroline Butterwick\AppData\Local\Temp\getmfmon.dll (FRISK Software International)

:Files 
C:\Users\Caroline Butterwick\AppData\Local\Temp\getmfmon.dll 

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
Megan1994

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi,

It looks like it got something!

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\edliSTAT not found.
C:\Users\Caroline Butterwick\AppData\Local\Temp\getmfmon.dll moved successfully.
========== FILES ==========
File\Folder C:\Users\Caroline Butterwick\AppData\Local\Temp\getmfmon.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Caroline Butterwick
->Temp folder emptied: 83668598 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 1970490 bytes
->FireFox cache emptied: 808385158 bytes
->Flash cache emptied: 97155 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105749999 bytes
RecycleBin emptied: 106644980 bytes

Total Files Cleaned = 1,055.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11292012_161236

Files\Folders moved on Reboot...
File\Folder C:\Users\Caroline Butterwick\AppData\Local\Temp\Temporary Internet Files\Content.IE5\T5G2FAM5\Beob_WIPLDYoIWcfVXxvZu9XwJ55OX7Ag,vHzm0NPWKXgYTGJVzDvuPUdJuizokKpKvSsPQEB2hSomm9r27PufbCrQf1nrIV4DZfJWbanUdXeAVNYXHO717-2W6pvGtCvaRJKtiQiFl7KrY-L6xT6rbee8IOIWPw6tRaEEuQ[1].gif not found!
File\Folder C:\Users\Caroline Butterwick\AppData\Local\Temp\Temporary Internet Files\Content.IE5\T5G2FAM5\NiZUucgTNFgplm4,vHzm0NPWKXgYTGJVzDvuPUdJuizokKpKvSsPQEB2hSomm9r27PufbCrQf1nrIV4DZfJWbanUdXeAVNYXHO717-2W6pvGtCvaRJKtiQiFl7KrY-L6xT6rbee8IOIWPw6tRaEEuQ&callback=google.LU[1].js not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you check for redirects now and run a fresh OTL quickscan, please?

#7
Megan1994

    New Member

  • Topic Starter
  • Member
  • 7 posts
OTL logfile created on: 11/29/2012 9:35:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Caroline Butterwick\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 73.18% Memory free
6.00 Gb Paging File | 5.21 Gb Available in Paging File | 86.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 23.15 Gb Free Space | 46.30% Space Free | Partition Type: NTFS
Drive D: | 248.09 Gb Total Space | 233.34 Gb Free Space | 94.05% Space Free | Partition Type: NTFS

Computer Name: WIN-Z9EN9CK0WFA | User Name: Caroline Butterwick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/29 16:09:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caroline Butterwick\Desktop\OTL(1).exe
PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 19:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/02 19:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/11/27 14:16:09 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/11 10:26:50 | 000,274,432 | ---- | M] (Dolphin Oceanic Ltd.) -- C:\Windows\System32\dolsrvcbar2.exe
PRC - [2009/11/02 02:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/09/08 21:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/11/21 17:27:56 | 000,143,360 | ---- | M] (Impacct) -- C:\Program Files\Plustek\OpticBook 3600\Am32Plus.exe
PRC - [2007/05/23 18:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/09/09 15:33:14 | 000,307,200 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\ScanApi.dll
MOD - [2008/09/18 11:23:58 | 000,024,576 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\FineReader.dll
MOD - [2007/06/04 16:57:22 | 000,036,864 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\MaxReader.dll
MOD - [2007/05/30 15:48:06 | 000,167,936 | ---- | M] () -- C:\Program Files\Common Files\iMpacct\ControlFunc.dll
MOD - [2006/11/30 09:58:50 | 000,061,440 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\TWAINAPP.dll
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006/05/15 14:24:18 | 000,122,938 | ---- | M] () -- C:\Program Files\Common Files\iMpacct\CommonFunc.dll
MOD - [2005/11/21 16:10:30 | 000,483,328 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\bmp2tiff.dll
MOD - [2005/09/21 13:38:54 | 000,081,920 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Web Utility.dll
MOD - [2005/09/21 13:38:46 | 000,090,112 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Wallpaper.dll
MOD - [2005/09/21 13:38:32 | 000,077,824 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Scan Utility.dll
MOD - [2005/09/21 13:38:28 | 000,045,056 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Power Save.dll
MOD - [2005/09/21 13:38:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Positive Utility.dll
MOD - [2005/09/21 13:38:16 | 000,065,536 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\OCR Utility.dll
MOD - [2005/09/21 13:38:12 | 000,069,632 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Negative Utility.dll
MOD - [2005/09/21 13:37:52 | 000,077,824 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\File Utility.dll
MOD - [2005/09/21 13:37:48 | 000,069,632 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Fax Utility.dll
MOD - [2005/09/21 13:37:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Email Utility.dll
MOD - [2005/09/21 13:37:36 | 000,073,728 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Copy Utility.dll
MOD - [2005/09/21 13:37:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Button Config.dll
MOD - [2005/09/21 13:37:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\BCR Utility.dll
MOD - [2005/09/21 13:36:54 | 000,061,440 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\Prndriver.dll
MOD - [2004/01/07 12:47:34 | 000,045,056 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\FzOCR.dll
MOD - [2004/01/07 12:47:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Plustek\OpticBook 3600\PenPower.dll


========== Services (SafeList) ==========

SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/10 14:05:11 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/10/18 15:26:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/11 10:26:50 | 000,274,432 | ---- | M] (Dolphin Oceanic Ltd.) [Auto | Running] -- C:\Windows\System32\dolsrvcbar2.exe -- (DolphinCBarSrv2)
SRV - [2009/09/08 21:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/23 18:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2B85FDB-BE35-488B-9633-8569B4055A41}\MpKsl8801e2ec.sys -- (MpKsl8801e2ec)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56331053-A773-44EA-8564-A8A1ACB6C080}\MpKsl0937d042.sys -- (MpKsl0937d042)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CAROLI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Ai2Mmpd.sys -- (Ai2Mmpd)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\Ai2Chroniker.sys -- (Ai2Chroniker)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 22:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/05/13 18:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007/05/01 21:15:54 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNQN_enGB459
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.11
FF - prefs.js..extensions.enabledAddons: [email protected]:3.1.9
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Caroline Butterwick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Caroline Butterwick\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/27 14:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 14:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/28 13:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Extensions
[2012/11/29 15:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Firefox\Profiles\taeh6aao.default\extensions
[2012/11/29 15:08:32 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Firefox\Profiles\taeh6aao.default\extensions\[email protected]
[2012/11/29 15:08:33 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Caroline Butterwick\AppData\Roaming\Mozilla\Firefox\Profiles\taeh6aao.default\extensions\[email protected]
[2011/10/28 13:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/10 14:05:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/10 14:05:09 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/10 14:05:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/10 14:05:09 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/09/10 14:05:09 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/10 14:05:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/10 14:05:09 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/11/29 16:12:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - Startup: C:\Users\Caroline Butterwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Colour Explorer 9,0.lnk = C:\Program Files\MicrolinkPC\CXLOADER.exe (MicrolinkPC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B072F3AC-1B61-47AC-90DF-486936A7BF73}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E23D5084-BDEA-4BEB-865D-CB8472124A84}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/29 16:12:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/29 16:09:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caroline Butterwick\Desktop\OTL(1).exe
[2012/11/29 15:19:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Caroline Butterwick\Desktop\tdsskiller.exe
[2012/11/29 15:12:49 | 000,000,000 | ---D | C] -- C:\Users\Caroline Butterwick\Desktop\RK_Quarantine
[2012/11/29 15:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

========== Files - Modified Within 30 Days ==========

[2012/11/29 21:34:35 | 000,643,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/29 21:34:35 | 000,118,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/29 21:32:43 | 000,009,920 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/29 21:32:43 | 000,009,920 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/29 21:30:53 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/29 21:30:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/29 21:29:50 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/29 16:41:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/29 16:12:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/11/29 16:09:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caroline Butterwick\Desktop\OTL(1).exe
[2012/11/29 15:20:21 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Caroline Butterwick\Desktop\tdsskiller.exe
[2012/11/29 15:11:04 | 000,752,128 | ---- | M] () -- C:\Users\Caroline Butterwick\Desktop\RogueKiller.exe
[2012/11/29 15:07:42 | 000,409,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/11/29 15:10:55 | 000,752,128 | ---- | C] () -- C:\Users\Caroline Butterwick\Desktop\RogueKiller.exe
[2012/11/27 21:34:11 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/27 21:33:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/01/28 01:14:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/28 01:14:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/28 01:14:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/28 01:14:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/28 01:14:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/27 23:49:04 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/09 10:51:24 | 000,001,809 | ---- | C] () -- C:\Windows\if42le.ini
[2011/02/09 10:51:24 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini
[2010/09/21 10:47:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\IyfSpCIt.dat
[2010/09/21 10:47:37 | 000,000,031 | ---- | C] () -- C:\ProgramData\msdesksw_default.theme
[1648/10/07 19:02:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\hnEIlj.theme

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/09/21 07:52:48 | 000,000,000 | ---D | M] -- C:\Users\Caroline Butterwick\AppData\Roaming\Appinstaller_2
[2010/09/21 10:38:51 | 000,000,000 | ---D | M] -- C:\Users\Caroline Butterwick\AppData\Roaming\dolphin
[2011/09/24 19:14:06 | 000,000,000 | ---D | M] -- C:\Users\Caroline Butterwick\AppData\Roaming\Electronic Arts
[2011/09/16 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\Caroline Butterwick\AppData\Roaming\NewSoft
[2012/01/28 02:02:48 | 000,000,000 | ---D | M] -- C:\Users\Caroline Butterwick\AppData\Roaming\Systweak
[2010/10/18 15:39:30 | 000,000,000 | ---D | M] -- C:\Users\Caroline Butterwick\AppData\Roaming\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 37 bytes -> C:\Windows\System32\desktop.ini:WIN64
@Alternate Data Stream - 33 bytes -> C:\Windows\win.ini:WINDOWS
@Alternate Data Stream - 28 bytes -> C:\ProgramData\hnEIlj.theme:NTOSCHK

< End of report >


The redirects seem to have completely stopped.

Is the computer now safe to use passwords on, Facebook and banking etc?
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I believe it should be good now

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0
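The redirect-related entries in an OTL log like the one above (hosts lines, the IE proxy switch, DNS servers) can be pulled out and reviewed automatically. This is an added example, not part of the original posts or of OTL itself: the function names are hypothetical, the second sample log is constructed, and the layout of a static `NameServer` line is assumed to match the `DhcpNameServer` lines in the log.

```python
import ipaddress
import re

# Lines copied from the Run 3 log above.
CLEAN_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
'''

# Constructed sample (documentation addresses and names, placeholder GUID).
ALTERED_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 www.example.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}: NameServer = 198.51.100.53
'''

HOSTS_RE = re.compile(r'^O1 - Hosts:\s+(\S+)\s+(\S+)', re.M)
PROXY_RE = re.compile(r'"ProxyEnable"\s*=\s*(\d+)')
# Assumption: static entries use the same layout with "NameServer".
DNS_RE = re.compile(r'^O17 - .+?:\s+(Dhcp)?NameServer\s*=\s*(.+)$', re.M)


def parse_redirect_settings(log_text):
    """Extract hosts entries, ProxyEnable values and DNS servers."""
    hosts = [(ip, name.lower()) for ip, name in HOSTS_RE.findall(log_text)]
    proxy = [int(value) for value in PROXY_RE.findall(log_text)]
    dns = []
    for dhcp, servers in DNS_RE.findall(log_text):
        source = 'dhcp' if dhcp else 'static'
        for server in servers.replace(',', ' ').split():
            if (server, source) not in dns:  # same server repeats per interface
                dns.append((server, source))
    return {'hosts': hosts, 'proxy_enable': proxy, 'dns': dns}


def review(log_text):
    """Return entries that need a human look; an empty list means defaults."""
    settings = parse_redirect_settings(log_text)
    findings = []
    for ip, name in settings['hosts']:
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            findings.append(f'hosts: unparsable address {ip} for {name}')
            continue
        # Anything other than loopback -> localhost was added by someone:
        # a blocklist tool, an administrator, or malware.
        if not (loopback and name == 'localhost'):
            findings.append(f'hosts: {name} -> {ip}')
    for value in settings['proxy_enable']:
        if value != 0:
            findings.append(f'proxy: ProxyEnable = {value}')
    for server, source in settings['dns']:
        # DHCP-supplied servers come from the router; a static server was
        # set on the machine and should match one the owner chose.
        if source == 'static':
            findings.append(f'dns: static server {server}')
    return findings


if __name__ == '__main__':
    for label, log in (('clean', CLEAN_LOG), ('altered', ALTERED_LOG)):
        print(label, review(log) or 'nothing to review')
```

DHCP-supplied servers are listed by `parse_redirect_settings` but not flagged; compare them against the router's configuration and the ISP's published resolvers by hand.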

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





