Good Morning.


It's a friend-of-a-friend's laptop, and the user has been complaining that the laptop has been running slow.


I have installed Microsoft Security Essentials, ran an update and did a full scan - nothing was found. I then ran MBAM, which was interesting, and OTL.


MBAM report below, OTL reports attached.





Malwarebytes Anti-Malware


Database version: v2013.01.25.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Iain :: IAIN-PC [administrator]

25/01/2013 18:25:01

mbam-log-2013-01-25 (18-25-01).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 537927

Time elapsed: 2 hour(s), 12 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab Music Converter (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 29

C:\Program Files (x86)\FoxTabMusicConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0D6W67MI\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2X34OOTH\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2X34OOTH\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\53MFFA6N\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Z8OS1DZ\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Z8OS1DZ\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5Z8OS1DZ\scandsk107e_8024[3].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LLSTNUI\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LLSTNUI\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8363NPOC\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8363NPOC\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9O42FTEG\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9O42FTEG\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9O42FTEG\scandsk107e_8024[3].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JU4DPHVR\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JU4DPHVR\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LH1PBGFG\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P5NFWZXR\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P5NFWZXR\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R5955ENK\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R6TG9C92\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R6TG9C92\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RFJ8G517\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RFJ8G517\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RFJ8G517\scandsk107e_8024[3].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJMEF67D\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJMEF67D\scandsk107e_8024[2].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.

C:\Users\Jackie Scarfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YV64AS32\scandsk107e_8024[1].bat (Rogue.InternetSecurityGuard) -> Quarantined and deleted successfully.





OTL logfile created on: 31/01/2013 08:01:37 - Run 1

OTL by OldTimer - Version Folder = C:\Users\Iain\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy


2.93 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 43.80% Memory free

5.86 Gb Paging File | 4.02 Gb Available in Paging File | 68.52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.78 Gb Total Space | 152.70 Gb Free Space | 69.16% Space Free | Partition Type: NTFS


Computer Name: IAIN-PC | User Name: Iain | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - C:\Users\Iain\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe (Visicom Media Inc.)

PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)



========== Modules (No Company Name) ==========


MOD - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityTb.dll ()

MOD - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()



========== Services (SafeList) ==========


SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)



========== Driver Services (SafeList) ==========


DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (DKbFltr) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=d422f0a8000000000000f07bcb0ef619

IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB399GB399

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{B863BE4E-02B2-4A9E-B139-30AC2BE2EFC0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=649DB339-EC0F-4997-B862-36F816898F34&apn_sauid=DD706B50-91B6-44E4-A3D3-357E1A2C2EFF

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files (x86)\Panda Security\Panda ID Protect\Firefox [2010/11/30 13:34:34 | 000,000,000 | ---D | M]



========== Chrome ==========


CHR - homepage: http://www.google.com

CHR - default_search_provider: Ask (Enabled)

CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=649DB339-EC0F-4997-B862-36F816898F34&apn_ptnrs=U4&apn_sauid=DD706B50-91B6-44E4-A3D3-357E1A2C2EFF&apn_dtid=OSJ000YYUK&q={searchTerms}

CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [Panda Security Toolbar Antiphishing] C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe (Visicom Media Inc.)

O4 - HKCU..\Run: [Allmyapps] C:\Program Files (x86)\Allmyapps\AllmyappsNotifier.exe (Allmyapps)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E8197FE-1447-4B60-9413-2298ECCA4308}: DhcpNameServer =

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



MsConfig:64bit - StartUpReg: Acer ePower Management - hkey= - key= - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

MsConfig:64bit - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

MsConfig:64bit - State: "startup" - Reg Error: Key error.



Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========


[2013/01/31 08:00:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Iain\Desktop\OTL.scr

[2013/01/31 01:08:07 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{C2D8DA9A-34C4-4CE3-B639-5711313FAC4A}

[2013/01/30 16:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2013/01/30 16:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/01/30 13:07:32 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{4D861D4E-DA50-4A02-ACBA-974ABDEB5EAA}

[2013/01/25 18:23:35 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\Programs

[2013/01/25 18:20:36 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{E6AA4C24-296A-4C0E-A1FD-20D60A2EF10A}

[2013/01/11 13:28:58 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{FFB2D376-5985-4650-8354-AE4E4CC0D83D}

[2013/01/11 13:24:46 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{7B40FC97-B95C-48E0-9E1D-33971AC67B1D}

[2013/01/10 17:11:33 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/01/10 17:11:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/01/10 17:11:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/01/10 17:11:02 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/01/10 17:10:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/01/10 17:10:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/01/10 17:10:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/01/10 17:10:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/01/10 17:10:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/01/10 17:10:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/01/10 17:10:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/01/10 17:10:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/01/10 17:10:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/01/10 17:10:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/01/10 17:10:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/01/10 17:10:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/01/10 17:10:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/01/10 17:10:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/01/10 17:10:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/01/10 17:10:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/01/10 17:10:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/01/10 17:10:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/01/10 17:10:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/01/10 17:10:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/01/10 17:10:45 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/01/10 17:10:44 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/01/10 17:10:44 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/01/10 17:10:44 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/01/10 17:10:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/01/10 17:10:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/01/10 17:10:41 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/01/10 17:10:41 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/01/10 17:10:41 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/01/10 17:10:41 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/01/10 17:10:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/01/10 17:10:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/01/10 17:09:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/01/10 17:09:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/01/10 17:09:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/01/10 17:09:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/01/10 17:09:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/01/10 17:09:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/01/10 17:09:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/01/10 17:09:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/01/10 17:09:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/01/10 17:09:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/01/10 17:09:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/10 17:09:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/10 17:09:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/10 17:09:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/10 17:09:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/10 17:09:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/10 17:09:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/10 17:09:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/10 17:09:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/10 17:09:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/10 17:09:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/10 17:09:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/10 17:09:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/10 17:09:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/10 17:09:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/10 17:09:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/10 17:09:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/10 17:09:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/10 17:09:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/10 17:09:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/10 17:09:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/10 17:09:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/10 17:09:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/10 17:09:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/10 17:09:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/01/10 17:09:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/01/10 17:09:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/10 17:09:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/10 17:09:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/10 17:09:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/10 17:09:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/10 17:09:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/10 17:08:41 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013/01/10 16:54:48 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{5A165E3C-C452-40EA-BC64-C0025DA957DF}

[2013/01/09 17:57:23 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{E87412D8-5978-4A4C-B070-75F7240A72BD}

[2013/01/08 22:19:59 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{02A8C73A-6B99-4CEF-B028-B69E3D0F0A59}

[2013/01/08 21:34:09 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{6A95E278-6749-4DA7-BAAC-AADEE5653EB2}

[2013/01/08 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{2CFCB0C4-E876-464C-AC7C-4D48E2481836}

[2013/01/08 21:22:16 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{34DB199A-2D84-4B67-8BF2-41F1B5503ABF}

[2013/01/06 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{8BB3632D-C663-4CA8-9316-6947BD63F086}

[2013/01/05 14:18:14 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{54775E80-C3ED-4F01-B944-05BC59FF2F75}

[2013/01/04 10:00:36 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{CF72EA5F-383D-40F8-AE44-C359DF213527}

[2013/01/03 11:51:51 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{67E263D0-F6A5-467F-A389-DDCBE6256EEF}

[2013/01/02 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{86AD2B9E-8904-4FA9-A578-767EE5DCE010}

[2013/01/01 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{6F328FE9-9A6F-4629-890B-427B31FB4535}

[2009/11/03 04:04:33 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


========== Files - Modified Within 30 Days ==========


[2013/01/31 08:00:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Iain\Desktop\OTL.scr

[2013/01/30 20:57:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/30 16:44:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/30 16:44:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/30 16:41:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/01/30 16:33:39 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/30 13:32:05 | 000,751,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/30 13:32:05 | 000,627,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/30 13:32:05 | 000,114,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/25 18:23:54 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/12 21:22:47 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/12 21:22:28 | 000,425,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/11 13:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/11 13:21:23 | 238,459,467 | ---- | M] () -- C:\Windows\MEMORY.DMP

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


========== Files Created - No Company Name ==========


[2013/01/30 16:41:02 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/01/30 16:40:51 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/01/25 18:23:54 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/12 19:27:18 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat

[2012/12/12 19:27:18 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat

[2010/10/11 15:49:35 | 000,000,000 | ---- | C] () -- C:\Users\Iain\AppData\Roaming\wklnhst.dat


========== ZeroAccess Check ==========


[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64




[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64




[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment



"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free



"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both




========== LOP Check ==========


[2010/10/11 15:27:10 | 000,000,000 | -HSD | M] -- C:\Users\Iain\AppData\Roaming\.#

[2012/09/24 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\Allmyapps

[2012/01/09 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\Babylon

[2010/10/05 21:12:11 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\GameConsole

[2010/12/06 17:03:52 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\LEGO Company

[2010/11/30 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\Panda Security

[2010/11/30 13:34:28 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\SurfSecret Privacy Suite

[2011/04/19 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\Windows Live Writer


========== Purity Check ==========




========== Custom Scans ==========


========== Drive Information ==========


Physical Drives



Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: Hitachi HTS545025B9A300

Partitions: 3

Status: OK

Status Info: 0





DeviceID: Disk #0, Partition #0

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 12.00GB

Starting Offset: 32256

Hidden sectors: 0



DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 102.00MB

Starting Offset: 12889013760

Hidden sectors: 0



DeviceID: Disk #0, Partition #2

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 221.00GB

Starting Offset: 12995942400

Hidden sectors: 0




[2009/11/03 03:45:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2013/01/30 16:33:39 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/30 16:33:43 | 3147,800,576 | -HS- | M] () -- C:\pagefile.sys

[2009/11/03 03:59:49 | 000,002,881 | ---- | M] () -- C:\RHDSetup.log

[2012/01/09 17:31:43 | 000,001,491 | ---- | M] () -- C:\user.js


< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >


< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >


< %systemroot%\Tasks\*.job /lockedfiles >


< %systemroot%\system32\drivers\*.sys /lockedfiles >


< %systemroot%\system32\*.exe /lockedfiles >


< %systemroot%\System32\config\*.sav >



[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini


< %USERPROFILE%\..|smtmp;true;true;true /FP >


< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >


< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/21 17:59:55 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/21 17:59:55 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/21 17:59:55 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)


< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/12/05 01:15:17 | 001,242,728 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/03/21 17:59:47 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/03/21 17:59:47 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/03/21 17:59:47 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)


========== Alternate Data Streams ==========


@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE



< End of report >

OTL.Txt

Extras.Txt

Edited by etavares


Hello, BreatGritain.


My name is etavares and I will be helping you with this log.



Here are some guidelines to ensure we are able to get your machine back under your control.



  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!







Step 1



Install ERUNT

This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.



The automatic part won't work with Vista or W7. Please back up manually using ERUNT with the following instructions:

  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon on the desktop or the Start menu, and select Run as Administrator.
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.







Step 2





Please uninstall these programs from Add/Remove Programs:



1. Ask Toolbar Updater

2. Babylon Toolbar







Step 3



We need to run an OTL script

  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom.

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=d422f0a8000000000000f07bcb0ef619
IE - HKCU\..\SearchScopes\{B863BE4E-02B2-4A9E-B139-30AC2BE2EFC0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=649DB339-EC0F-4997-B862-36F816898F34&apn_sauid=DD706B50-91B6-44E4-A3D3-357E1A2C2EFF
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\bh\BabylonToolbar.dll (Babylon BHO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\BabylonToolbarTlbr.dll (Babylon Ltd.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done; please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.
  11. A report will open; copy and paste it in a reply here.







Step 4



I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Accept any security warnings from your browser.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  • Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png





Hi Etavares,


Thanks for your help, it's really appreciated.


Step One


Completed, no issues.


Step Two


Babylon has been removed,

Ask Toolbar Updater gives a message "Sucessfully stopped the updater" - but the program still remains on the list. It doesn't appear to be even trying to remove the program, the message pops up pretty much straight away.


Would you like me to proceed with steps 3 & 4 anyway, or does the ask updater need a little more attention first?


Thank you,





I ran the fix with OTL, and then rebooted. I failed to save the text file before rebooting, and it's gone now I'm afraid. I hope that's not too inconvenient. The report that was produced said a couple of items could not be found, but most were "successful" (or something like that, from memory).


I then ran the full scan on OTL with "All users" checked. The report from that has been attached.


I then ran ESET, and the result is here...



C:\Users\Iain\AppData\Local\Temp\is1438683437\YontooSetup-DropDownDeals-SilentInstaller.exe multiple threats cleaned by deleting - quarantined



OTL.Txt


Hello, BreatGritain.


None of these infections appear to be active, which is the good news. Is it still running slow? When? Slow to boot up? Slows down after using it for a while?


Let's run TDSSKiller to be sure there are no rootkits.




  1. Download TDSSKiller.exe and save it to your desktop.
  2. Double-click TDSSKiller.exe to run it.
  3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  4. Click Start scan and allow it to scan for Malicious objects.
  5. If malicious objects are found, the default action will be Cure. Ensure Cure is selected, then click Continue.
  6. If suspicious objects are detected, the default action will be Skip. Ensure Skip is selected, then click Continue.
  7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the logfile in your next reply







Here's the result of the latest scan:




22:34:32.0902 3944 PcaSvc - ok

22:34:32.0922 3944 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

22:34:32.0924 3944 pci - ok

22:34:32.0951 3944 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

22:34:32.0952 3944 pciide - ok

22:34:32.0970 3944 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

22:34:32.0973 3944 pcmcia - ok

22:34:32.0995 3944 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

22:34:32.0996 3944 pcw - ok

22:34:33.0017 3944 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

22:34:33.0025 3944 PEAUTH - ok

22:34:33.0088 3944 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

22:34:33.0090 3944 PerfHost - ok

22:34:33.0155 3944 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

22:34:33.0170 3944 pla - ok

22:34:33.0218 3944 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

22:34:33.0224 3944 PlugPlay - ok

22:34:33.0249 3944 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

22:34:33.0251 3944 PNRPAutoReg - ok

22:34:33.0276 3944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

22:34:33.0279 3944 PNRPsvc - ok

22:34:33.0328 3944 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

22:34:33.0335 3944 PolicyAgent - ok

22:34:33.0365 3944 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

22:34:33.0368 3944 Power - ok

22:34:33.0395 3944 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

22:34:33.0397 3944 PptpMiniport - ok

22:34:33.0429 3944 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

22:34:33.0431 3944 Processor - ok

22:34:33.0471 3944 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

22:34:33.0476 3944 ProfSvc - ok

22:34:33.0492 3944 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:34:33.0494 3944 ProtectedStorage - ok

22:34:33.0550 3944 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

22:34:33.0551 3944 Psched - ok

22:34:33.0609 3944 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

22:34:33.0663 3944 ql2300 - ok

22:34:33.0670 3944 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

22:34:33.0673 3944 ql40xx - ok

22:34:33.0711 3944 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

22:34:33.0715 3944 QWAVE - ok

22:34:33.0751 3944 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:34:33.0753 3944 QWAVEdrv - ok

22:34:33.0758 3944 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:34:33.0761 3944 RasAcd - ok

22:34:33.0794 3944 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

22:34:33.0796 3944 RasAgileVpn - ok

22:34:33.0825 3944 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

22:34:33.0828 3944 RasAuto - ok

22:34:33.0875 3944 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:34:33.0877 3944 Rasl2tp - ok

22:34:33.0939 3944 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

22:34:33.0944 3944 RasMan - ok

22:34:33.0981 3944 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:34:33.0983 3944 RasPppoe - ok

22:34:34.0007 3944 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:34:34.0008 3944 RasSstp - ok

22:34:34.0028 3944 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:34:34.0031 3944 rdbss - ok

22:34:34.0054 3944 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

22:34:34.0055 3944 rdpbus - ok

22:34:34.0076 3944 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:34:34.0077 3944 RDPCDD - ok

22:34:34.0093 3944 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:34:34.0094 3944 RDPENCDD - ok

22:34:34.0110 3944 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

22:34:34.0111 3944 RDPREFMP - ok

22:34:34.0142 3944 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:34:34.0146 3944 RDPWD - ok

22:34:34.0206 3944 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

22:34:34.0209 3944 rdyboost - ok

22:34:34.0237 3944 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

22:34:34.0239 3944 RemoteAccess - ok

22:34:34.0269 3944 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:34:34.0273 3944 RemoteRegistry - ok

22:34:34.0288 3944 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

22:34:34.0291 3944 RpcEptMapper - ok

22:34:34.0302 3944 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

22:34:34.0304 3944 RpcLocator - ok

22:34:34.0346 3944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

22:34:34.0353 3944 RpcSs - ok

22:34:34.0396 3944 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:34:34.0398 3944 rspndr - ok

22:34:34.0445 3944 [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

22:34:34.0449 3944 RSUSBSTOR - ok

22:34:34.0470 3944 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

22:34:34.0471 3944 SamSs - ok

22:34:34.0515 3944 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

22:34:34.0517 3944 sbp2port - ok

22:34:34.0551 3944 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:34:34.0555 3944 SCardSvr - ok

22:34:34.0585 3944 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

22:34:34.0586 3944 scfilter - ok

22:34:34.0646 3944 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

22:34:34.0659 3944 Schedule - ok

22:34:34.0695 3944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

22:34:34.0696 3944 SCPolicySvc - ok

22:34:34.0720 3944 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:34:34.0724 3944 SDRSVC - ok

22:34:34.0807 3944 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

22:34:34.0810 3944 SeaPort - ok

22:34:34.0838 3944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:34:34.0840 3944 secdrv - ok

22:34:34.0876 3944 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

22:34:34.0878 3944 seclogon - ok

22:34:34.0908 3944 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

22:34:34.0910 3944 SENS - ok

22:34:34.0931 3944 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

22:34:34.0933 3944 SensrSvc - ok

22:34:34.0951 3944 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

22:34:34.0952 3944 Serenum - ok

22:34:34.0966 3944 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

22:34:34.0968 3944 Serial - ok

22:34:35.0005 3944 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

22:34:35.0007 3944 sermouse - ok

22:34:35.0051 3944 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

22:34:35.0055 3944 SessionEnv - ok

22:34:35.0094 3944 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

22:34:35.0096 3944 sffdisk - ok

22:34:35.0114 3944 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

22:34:35.0115 3944 sffp_mmc - ok

22:34:35.0126 3944 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

22:34:35.0127 3944 sffp_sd - ok

22:34:35.0157 3944 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

22:34:35.0158 3944 sfloppy - ok

22:34:35.0182 3944 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:34:35.0187 3944 SharedAccess - ok

22:34:35.0232 3944 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:34:35.0238 3944 ShellHWDetection - ok

22:34:35.0244 3944 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:34:35.0246 3944 SiSRaid2 - ok

22:34:35.0255 3944 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

22:34:35.0257 3944 SiSRaid4 - ok

22:34:35.0267 3944 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:34:35.0269 3944 Smb - ok

22:34:35.0313 3944 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:34:35.0316 3944 SNMPTRAP - ok

22:34:35.0332 3944 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

22:34:35.0333 3944 spldr - ok

22:34:35.0383 3944 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

22:34:35.0390 3944 Spooler - ok

22:34:35.0486 3944 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

22:34:35.0566 3944 sppsvc - ok

22:34:35.0615 3944 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

22:34:35.0618 3944 sppuinotify - ok

22:34:35.0670 3944 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

22:34:35.0675 3944 srv - ok

22:34:35.0710 3944 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

22:34:35.0715 3944 srv2 - ok

22:34:35.0729 3944 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

22:34:35.0732 3944 srvnet - ok

22:34:35.0762 3944 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

22:34:35.0766 3944 SSDPSRV - ok

22:34:35.0779 3944 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

22:34:35.0782 3944 SstpSvc - ok

22:34:35.0818 3944 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

22:34:35.0820 3944 stexstor - ok

22:34:35.0866 3944 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

22:34:35.0874 3944 stisvc - ok

22:34:35.0912 3944 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

22:34:35.0912 3944 swenum - ok

22:34:35.0951 3944 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

22:34:35.0958 3944 swprv - ok

22:34:36.0007 3944 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

22:34:36.0009 3944 SynTP - ok

22:34:36.0079 3944 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

22:34:36.0099 3944 SysMain - ok

22:34:36.0133 3944 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

22:34:36.0136 3944 TabletInputService - ok

22:34:36.0163 3944 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

22:34:36.0168 3944 TapiSrv - ok

22:34:36.0196 3944 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

22:34:36.0198 3944 TBS - ok

22:34:36.0263 3944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

22:34:36.0283 3944 Tcpip - ok

22:34:36.0326 3944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

22:34:36.0337 3944 TCPIP6 - ok

22:34:36.0376 3944 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

22:34:36.0377 3944 tcpipreg - ok

22:34:36.0413 3944 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

22:34:36.0414 3944 TDPIPE - ok

22:34:36.0454 3944 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

22:34:36.0456 3944 TDTCP - ok

22:34:36.0492 3944 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

22:34:36.0494 3944 tdx - ok

22:34:36.0511 3944 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

22:34:36.0512 3944 TermDD - ok

22:34:36.0544 3944 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

22:34:36.0555 3944 TermService - ok

22:34:36.0584 3944 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

22:34:36.0587 3944 Themes - ok

22:34:36.0636 3944 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

22:34:36.0638 3944 THREADORDER - ok

22:34:36.0653 3944 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

22:34:36.0656 3944 TrkWks - ok

22:34:36.0719 3944 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:34:36.0722 3944 TrustedInstaller - ok

22:34:36.0767 3944 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

22:34:36.0768 3944 tssecsrv - ok

22:34:36.0826 3944 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

22:34:36.0828 3944 TsUsbFlt - ok

22:34:36.0899 3944 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

22:34:36.0900 3944 tunnel - ok

22:34:36.0921 3944 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

22:34:36.0923 3944 uagp35 - ok

22:34:36.0951 3944 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys

22:34:36.0952 3944 UBHelper - ok

22:34:36.0997 3944 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

22:34:37.0001 3944 udfs - ok

22:34:37.0042 3944 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

22:34:37.0045 3944 UI0Detect - ok

22:34:37.0065 3944 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

22:34:37.0067 3944 uliagpkx - ok

22:34:37.0110 3944 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

22:34:37.0112 3944 umbus - ok

22:34:37.0131 3944 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

22:34:37.0133 3944 UmPass - ok

22:34:37.0216 3944 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe

22:34:37.0221 3944 Updater Service - ok

22:34:37.0261 3944 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

22:34:37.0267 3944 upnphost - ok

22:34:37.0298 3944 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

22:34:37.0300 3944 usbccgp - ok

22:34:37.0329 3944 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

22:34:37.0331 3944 usbcir - ok

22:34:37.0347 3944 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

22:34:37.0348 3944 usbehci - ok

22:34:37.0365 3944 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

22:34:37.0369 3944 usbhub - ok

22:34:37.0384 3944 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

22:34:37.0385 3944 usbohci - ok

22:34:37.0411 3944 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

22:34:37.0413 3944 usbprint - ok

22:34:37.0434 3944 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:34:37.0436 3944 USBSTOR - ok

22:34:37.0461 3944 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

22:34:37.0462 3944 usbuhci - ok

22:34:37.0510 3944 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

22:34:37.0513 3944 usbvideo - ok

22:34:37.0546 3944 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

22:34:37.0548 3944 UxSms - ok

22:34:37.0559 3944 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

22:34:37.0560 3944 VaultSvc - ok

22:34:37.0593 3944 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

22:34:37.0594 3944 vdrvroot - ok

22:34:37.0645 3944 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

22:34:37.0652 3944 vds - ok

22:34:37.0677 3944 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

22:34:37.0679 3944 vga - ok

22:34:37.0699 3944 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

22:34:37.0701 3944 VgaSave - ok

22:34:37.0730 3944 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

22:34:37.0733 3944 vhdmp - ok

22:34:37.0753 3944 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

22:34:37.0754 3944 viaide - ok

22:34:37.0775 3944 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

22:34:37.0776 3944 volmgr - ok

22:34:37.0825 3944 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

22:34:37.0830 3944 volmgrx - ok

22:34:37.0844 3944 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

22:34:37.0848 3944 volsnap - ok

22:34:37.0885 3944 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

22:34:37.0887 3944 vsmraid - ok

22:34:37.0948 3944 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

22:34:37.0966 3944 VSS - ok

22:34:37.0979 3944 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

22:34:37.0980 3944 vwifibus - ok

22:34:37.0992 3944 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

22:34:37.0994 3944 vwififlt - ok

22:34:38.0032 3944 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

22:34:38.0038 3944 W32Time - ok

22:34:38.0063 3944 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

22:34:38.0065 3944 WacomPen - ok

22:34:38.0123 3944 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

22:34:38.0125 3944 WANARP - ok

22:34:38.0130 3944 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

22:34:38.0131 3944 Wanarpv6 - ok

22:34:38.0201 3944 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

22:34:38.0214 3944 WatAdminSvc - ok

22:34:38.0265 3944 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

22:34:38.0283 3944 wbengine - ok

22:34:38.0331 3944 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

22:34:38.0335 3944 WbioSrvc - ok

22:34:38.0368 3944 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

22:34:38.0374 3944 wcncsvc - ok

22:34:38.0401 3944 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:34:38.0404 3944 WcsPlugInService - ok

22:34:38.0446 3944 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

22:34:38.0448 3944 Wd - ok

22:34:38.0503 3944 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

22:34:38.0511 3944 Wdf01000 - ok

22:34:38.0545 3944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

22:34:38.0550 3944 WdiServiceHost - ok

22:34:38.0555 3944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

22:34:38.0558 3944 WdiSystemHost - ok

22:34:38.0595 3944 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

22:34:38.0600 3944 WebClient - ok

22:34:38.0667 3944 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

22:34:38.0672 3944 Wecsvc - ok

22:34:38.0683 3944 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

22:34:38.0687 3944 wercplsupport - ok

22:34:38.0716 3944 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

22:34:38.0719 3944 WerSvc - ok

22:34:38.0741 3944 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

22:34:38.0742 3944 WfpLwf - ok

22:34:38.0776 3944 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

22:34:38.0777 3944 WIMMount - ok

22:34:38.0799 3944 WinDefend - ok

22:34:38.0806 3944 WinHttpAutoProxySvc - ok

22:34:38.0857 3944 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

22:34:38.0861 3944 Winmgmt - ok

22:34:38.0933 3944 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

22:34:38.0955 3944 WinRM - ok

22:34:39.0022 3944 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

22:34:39.0035 3944 Wlansvc - ok

22:34:39.0078 3944 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

22:34:39.0080 3944 wlcrasvc - ok

22:34:39.0229 3944 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:34:39.0253 3944 wlidsvc - ok

22:34:39.0291 3944 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

22:34:39.0292 3944 WmiAcpi - ok

22:34:39.0332 3944 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

22:34:39.0335 3944 wmiApSrv - ok

22:34:39.0370 3944 WMPNetworkSvc - ok

22:34:39.0404 3944 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

22:34:39.0407 3944 WPCSvc - ok

22:34:39.0449 3944 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

22:34:39.0453 3944 WPDBusEnum - ok

22:34:39.0484 3944 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

22:34:39.0486 3944 ws2ifsl - ok

22:34:39.0508 3944 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

22:34:39.0512 3944 wscsvc - ok

22:34:39.0517 3944 WSearch - ok

22:34:39.0613 3944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

22:34:39.0639 3944 wuauserv - ok

22:34:39.0673 3944 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

22:34:39.0675 3944 WudfPf - ok

22:34:39.0720 3944 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

22:34:39.0723 3944 WUDFRd - ok

22:34:39.0754 3944 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

22:34:39.0757 3944 wudfsvc - ok

22:34:39.0783 3944 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

22:34:39.0788 3944 WwanSvc - ok

22:34:39.0813 3944 ================ Scan global ===============================

22:34:39.0846 3944 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

22:34:39.0886 3944 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

22:34:39.0896 3944 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

22:34:39.0920 3944 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

22:34:39.0957 3944 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

22:34:39.0962 3944 [Global] - ok

22:34:39.0963 3944 ================ Scan MBR ==================================

22:34:39.0980 3944 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

22:34:40.0137 3944 \Device\Harddisk0\DR0 - ok

22:34:40.0137 3944 ================ Scan VBR ==================================

22:34:40.0141 3944 [ 70D8ACFC778603D869915AEB4FC069A3 ] \Device\Harddisk0\DR0\Partition1

22:34:40.0143 3944 \Device\Harddisk0\DR0\Partition1 - ok

22:34:40.0171 3944 [ D2F1021481EDBE6B89C52BB402739E6D ] \Device\Harddisk0\DR0\Partition2

22:34:40.0172 3944 \Device\Harddisk0\DR0\Partition2 - ok

22:34:40.0172 3944 ============================================================

22:34:40.0172 3944 Scan finished

22:34:40.0172 3944 ============================================================

22:34:40.0186 3844 Detected object count: 0

22:34:40.0186 3844 Actual detected object count: 0

22:34:47.0995 4716 Deinitialize success


It said nothing was found, which is great.


The laptop seems fine now. The only thing that concerns me is a program called "AllMyApps Manager" keeps trying to open on every boot and requests permission to open itself. If that makes sense?


But apart from that all seems great.


Thanks for your help.


I had a look in Add/Remove Programs, it doesn't show on the list.


If it's just an annoyance rather than anything malicious then it can stay, it's not my laptop after all.


What would you suggest?





The fact that it doesn't have an uninstall makes me want to remove it. Nothing good would not let you uninstall it if you so chose. Copy/Paste the following into the OTL Custom Scan/Fix text field and then press Run Fix.

O4 - HKCU..\Run: [Allmyapps] C:\Program Files (x86)\Allmyapps\AllmyappsNotifier.exe (Allmyapps)
C:\Program Files (x86)\Allmyapps\


Once it's done running, please run an OTL quick scan and post the resulting log into your reply. Let me know if there are any more issues. If not, we'll clean up in my final set of instructions.




Hi etavares,


Ran the OTL fix for AllMyApps, then rebooted. AllMyApps appears to be gone, which is great. A log was produced:


========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Allmyapps deleted successfully.

C:\Program Files (x86)\Allmyapps\AllmyappsNotifier.exe moved successfully.

========== FILES ==========

Folder move failed. C:\Program Files (x86)\Allmyapps scheduled to be moved on reboot.


OTL by OldTimer - Version log created on 02032013_193933



Files\Folders moved on Reboot...

C:\Program Files (x86)\Allmyapps folder moved successfully.



PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Also ran a quick scan on OTL as requested:



OTL logfile created on: 03/02/2013 19:45:44 - Run 3

OTL by OldTimer - Version Folder = C:\Users\Iain\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy


2.93 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 58.90% Memory free

5.86 Gb Paging File | 4.33 Gb Available in Paging File | 73.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.78 Gb Total Space | 152.45 Gb Free Space | 69.05% Space Free | Partition Type: NTFS


Computer Name: IAIN-PC | User Name: Iain | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - C:\Users\Iain\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe (Visicom Media Inc.)

PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)



========== Modules (No Company Name) ==========


MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()



========== Services (SafeList) ==========


SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)



========== Driver Services (SafeList) ==========


DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (DKbFltr) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5732z&r=27360910f105l0494z175t44l2d41s

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB399GB399

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files (x86)\Panda Security\Panda ID Protect\Firefox [2010/11/30 13:34:34 | 000,000,000 | ---D | M]



========== Chrome ==========


CHR - homepage: http://www.google.com

CHR - default_search_provider: Ask (Enabled)

CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=649DB339-EC0F-4997-B862-36F816898F34&apn_ptnrs=U4&apn_sauid=DD706B50-91B6-44E4-A3D3-357E1A2C2EFF&apn_dtid=OSJ000YYUK&q={searchTerms}

CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [Panda Security Toolbar Antiphishing] C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe (Visicom Media Inc.)

O4 - Startup: C:\Users\Iain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E8197FE-1447-4B60-9413-2298ECCA4308}: DhcpNameServer =

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========


[2013/02/03 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{793298ED-0F88-450F-8042-6EE4FA81CDBB}

[2013/02/01 22:32:30 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{E5CFD061-190D-43B8-A8D7-E9B3EFCA908E}

[2013/01/31 16:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/01/31 15:46:54 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/01/31 14:28:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2013/01/31 14:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2013/01/31 14:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2013/01/31 14:25:52 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{42BB9FFA-1DE5-42E6-89F1-17BC1FD6ED00}

[2013/01/31 08:00:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Iain\Desktop\OTL.scr

[2013/01/31 01:08:07 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{C2D8DA9A-34C4-4CE3-B639-5711313FAC4A}

[2013/01/30 16:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2013/01/30 16:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/01/30 13:07:32 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{4D861D4E-DA50-4A02-ACBA-974ABDEB5EAA}

[2013/01/25 18:23:35 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\Programs

[2013/01/25 18:20:36 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{E6AA4C24-296A-4C0E-A1FD-20D60A2EF10A}

[2013/01/11 13:28:58 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{FFB2D376-5985-4650-8354-AE4E4CC0D83D}

[2013/01/11 13:24:46 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{7B40FC97-B95C-48E0-9E1D-33971AC67B1D}

[2013/01/10 16:54:48 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{5A165E3C-C452-40EA-BC64-C0025DA957DF}

[2013/01/09 17:57:23 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{E87412D8-5978-4A4C-B070-75F7240A72BD}

[2013/01/08 22:19:59 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{02A8C73A-6B99-4CEF-B028-B69E3D0F0A59}

[2013/01/08 21:34:09 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{6A95E278-6749-4DA7-BAAC-AADEE5653EB2}

[2013/01/08 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{2CFCB0C4-E876-464C-AC7C-4D48E2481836}

[2013/01/08 21:22:16 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{34DB199A-2D84-4B67-8BF2-41F1B5503ABF}

[2013/01/06 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{8BB3632D-C663-4CA8-9316-6947BD63F086}

[2013/01/05 14:18:14 | 000,000,000 | ---D | C] -- C:\Users\Iain\AppData\Local\{54775E80-C3ED-4F01-B944-05BC59FF2F75}

[2009/11/03 04:04:33 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe


========== Files - Modified Within 30 Days ==========


[2013/02/03 19:49:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/03 19:49:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/03 19:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/03 19:40:18 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/31 14:27:45 | 000,001,112 | ---- | M] () -- C:\Users\Iain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2013/01/31 08:00:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Iain\Desktop\OTL.scr

[2013/01/30 16:41:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/01/30 13:32:05 | 000,751,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/30 13:32:05 | 000,627,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/30 13:32:05 | 000,114,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/25 18:23:54 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/12 21:22:47 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/12 21:22:28 | 000,425,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/11 13:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/11 13:21:23 | 238,459,467 | ---- | M] () -- C:\Windows\MEMORY.DMP


========== Files Created - No Company Name ==========


[2013/01/31 14:27:45 | 000,001,112 | ---- | C] () -- C:\Users\Iain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2013/01/30 16:41:02 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/01/30 16:40:51 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/01/25 18:23:54 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/12 19:27:18 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat

[2012/12/12 19:27:18 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat

[2010/10/11 15:49:35 | 000,000,000 | ---- | C] () -- C:\Users\Iain\AppData\Roaming\wklnhst.dat


========== ZeroAccess Check ==========


[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64




[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64




[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment



"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free



"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both




========== LOP Check ==========


[2010/10/11 15:27:10 | 000,000,000 | -HSD | M] -- C:\Users\Iain\AppData\Roaming\.#

[2012/09/24 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\Allmyapps

[2010/10/05 21:12:11 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\GameConsole

[2010/12/06 17:03:52 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\LEGO Company

[2010/11/30 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\Panda Security

[2010/11/30 13:34:28 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\SurfSecret Privacy Suite

[2011/04/19 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Iain\AppData\Roaming\Windows Live Writer


========== Purity Check ==========





< End of report >


I don't have any other concerns with the machine, it seems fine to me, and I really appreciate your time.





Hello, BreatGritain.



In that case, let's clean up our mess.





Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well, please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!







Step 1



Next, we need to remove the other tools we have used.

  • Please download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon to start the program.
  • Then, click the big CleanUp button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.







Step 2



We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.

  1. Go to Start and type in SystemPropertiesProtection and run that program.
  2. Select the System Protection tab.
  3. Press Create.
  4. Give the restore point a name and press Create.
  5. You'll see it work, then say that it was created successfully.





Now, we need to remove the old, infected points using Disk Cleanup.

  1. Click on Start --> My Computer
  2. Right-click on C: and select Properties.
  3. Click on Disk Cleanup.
  4. Double-click Files from all users on this computer.
  5. Click Clean System Files button. It will scan some more. A More Options tab will appear when done.
  6. Click on More Options tab and press Clean Up... under System Restore and Shadow Copies.
  7. Click OK.
  8. You'll get a couple of prompts asking if you're sure you want to do this, select Yes for them.
  9. Disk cleanup will remove those restore points and close itself.



If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.





Optional Items



Please take the time to read below to secure your machine and take the necessary steps to keep it that way.





System Still Slow?

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware



Protect yourself from malicious sites



The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.









Keep Windows Up to Date

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.







Update your AntiVirus Software



It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.





Make sure your applications have all of their updates



It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.













Update all these programs regularly

Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.



Follow this list and your potential for being infected again will reduce dramatically.



Good luck!



