
Google Chrome, Microsoft Word and others won't start


  • This topic is locked
13 replies to this topic

#1 niamh808


Posted 11 January 2013 - 05:19 AM

Hi,
My computer won't start a lot of programmes on my computer and I'm not sure what's wrong. They were all working fine yesterday but when I turned on my computer today, they wouldn't start. No error box comes up when I start the programmes. They show in the process box of task manager but they aren't running.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Niamh at 9:59:35 on 2013-01-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3000.1527 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Niamh\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\GfxUI.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Niamh\AppData\Local\Akamai\netsession_win.exe
C:\Users\Niamh\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://isearch.avg.com/?cid={D4179D91-FB1D-4A29-91FA-F699E6AF7EC9}&mid=475485069bca541e4b2a899b442c283b-8ddfb59deeaf357e4d1a50c6fb62e7c2963feaca&lang=en&ds=ft011&pr=sa&d=2012-05-20 17:36:05&v=12.2.5.32&sap=hp
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&s=2&o=vp32&d=0709&m=travelmate_5730
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\users\niamh\appdata\roaming\media finder\extensions\gencrawler_gc.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\users\niamh\appdata\roaming\free download manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: smartdownloader Class: {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - c:\program files\putlockerdownloader\smarterdownloader.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\utorrentbar\prxtbuTor.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "c:\users\niamh\appdata\local\akamai\netsession_win.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\niamh\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - c:\users\niamh\appdata\roaming\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\users\niamh\appdata\roaming\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\users\niamh\appdata\roaming\free download manager\dlfvideo.htm
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Download with Free Download Manager - c:\users\niamh\appdata\roaming\free download manager\dllink.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{0A28F1EB-0E67-4570-9FB8-4CA4C692B4A2} : DHCPNameServer = 89.19.64.36 89.19.64.164
TCP: Interfaces\{29F92B77-AE94-4EF1-90DB-95C0A497A103} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{53847FFA-4770-4F32-B02F-D520082521F5} : DHCPNameServer = 89.19.64.36 89.19.64.164
TCP: Interfaces\{BDD047B0-6708-4CD0-9078-8DD9665FDB80} : DHCPNameServer = 89.19.64.36 89.19.64.164
TCP: Interfaces\{CEA7D3BF-D8FF-4C67-80D2-1E52F99EC23D} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-29 26984]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-29 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2010-5-26 74752]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 NETwNv32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwNv32.sys [2011-10-31 7346176]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-4-8 43736]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2010-11-19 6144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca25c6e81dde29;Google Update Service (gupdate1ca25c6e81dde29);c:\program files\google\update\GoogleUpdate.exe [2009-8-25 133104]
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\drivers\ACTIVhidmini.sys [2010-11-19 84864]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-7-21 29472]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-9-18 112640]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-25 30192]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-9-18 101120]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2008-5-7 17968]
.
=============== Created Last 30 ================
.
2013-01-11 09:52:31 -------- d-----w- c:\users\niamh\appdata\local\{22D53DC3-D71C-4BC8-B7CB-FE15D8BC7EC4}
2013-01-10 14:07:43 -------- d-----w- c:\users\niamh\appdata\local\{FCE07B81-2FA2-45CE-AB98-A04A0D6741CA}
2013-01-10 11:20:23 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0650e462-85f1-440d-bf3b-4513f62ad2a5}\mpengine.dll
2013-01-09 23:33:08 -------- d-----w- c:\users\niamh\appdata\local\{44865B02-77F1-4E07-9E4D-1F0BE7D8CB21}
2013-01-09 10:26:26 6812136 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-09 10:22:13 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 10:21:39 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 10:21:37 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 20:28:26 -------- d-----w- c:\users\niamh\appdata\local\{8DBEE1CA-6636-4FB3-86E6-B95648A58BCA}
2013-01-06 17:54:00 -------- d-----w- c:\users\niamh\appdata\local\temp
2013-01-06 17:53:09 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-06 12:40:00 98816 ----a-w- c:\windows\sed.exe
2013-01-06 12:40:00 256000 ----a-w- c:\windows\PEV.exe
2013-01-06 12:40:00 208896 ----a-w- c:\windows\MBR.exe
2013-01-06 12:15:24 -------- d-----w- c:\users\niamh\appdata\roaming\PeerNetworking
2013-01-06 12:00:04 -------- d-----w- c:\users\niamh\appdata\local\{7D04DF31-943B-483A-B1B8-629D4536B6DC}
2013-01-04 12:26:28 -------- d-----w- c:\users\niamh\appdata\local\{7EE29208-368F-462C-B063-F7D99E183FAF}
2013-01-03 22:59:40 -------- d-----w- c:\users\niamh\appdata\local\{6FD0E408-49DE-4930-9B80-D7A1F6DEB53B}
2013-01-02 12:50:31 -------- d-----w- c:\users\niamh\appdata\local\{CC3AA885-67D5-4670-BA8E-8DC7A6ADD620}
2012-12-30 23:46:01 -------- d-----w- c:\users\niamh\appdata\local\{C8FE5444-CC49-4A12-8502-18AD7914306B}
2012-12-30 11:45:58 -------- d-----w- c:\users\niamh\appdata\local\{2A9D8307-710E-4C2C-B3C2-7F6A57A8BFFB}
2012-12-27 18:24:41 -------- d-----w- c:\users\niamh\appdata\local\{ED6F93FE-0FA1-4EA4-BE45-44D1854D98D5}
2012-12-23 12:52:07 -------- d-----w- c:\users\niamh\appdata\local\{9CE38C6B-FE11-470F-82A5-29FAF6F9F2C2}
2012-12-22 16:20:00 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:19:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 16:18:57 -------- d-----w- c:\users\niamh\appdata\local\{0C01A678-FD2E-4759-AB93-17A896D4461A}
2012-12-19 18:19:41 -------- d-----w- c:\users\niamh\appdata\local\{408F2371-BD5F-4F0F-B360-B434575BF4CC}
2012-12-18 12:49:25 -------- d-----w- c:\users\niamh\appdata\local\{A748B671-26B3-4596-90AE-364BBADBDBF0}
2012-12-17 20:15:33 -------- d-----w- c:\program files\iPod
2012-12-17 20:15:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-17 19:49:34 -------- d-----w- c:\users\niamh\appdata\local\{24565E0F-96AE-4D1E-B1A3-A36FF9D6A5FD}
2012-12-16 18:26:10 -------- d-----w- c:\users\niamh\appdata\local\{F4EFAE65-CEC9-4B65-AFE7-741BA0D9A496}
2012-12-14 16:28:58 -------- d-----w- c:\users\niamh\appdata\local\{10167815-1F9C-41D1-B883-426857FC96B6}
2012-12-12 15:49:34 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 15:49:26 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 15:49:26 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 15:49:26 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 15:49:25 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 15:49:25 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 15:49:23 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 15:49:22 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 15:49:21 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 15:49:21 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 15:49:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 15:43:49 -------- d-----w- c:\users\niamh\appdata\local\{579FDB42-78CE-4413-BB13-06879EC4FC82}
.
==================== Find3M ====================
.
2013-01-08 21:32:42 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 21:32:42 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-07 17:52:33 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-12-05 13:04:51 66560 ----a-w- c:\windows\system32\drivers\SMB.SYS
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 19:18:00 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 10:00:50.45 ===============

Sorry for the multiple attach uploads.... I didn't think they had uploaded.
Thanks
-Niamh



Edited by Oh My, 15 January 2013 - 09:46 PM.



 


#2 Oh My!



  • Malware Response Instructor

Posted 15 January 2013 - 09:36 PM

Greetings Niamh and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this for me.


===================================================


Obtaining Current ComboFix.txt

--------------------

It appears Combofix was run on 1-6-13. Please copy and paste the contents of the following file in your reply.

C:\ComboFix.txt


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix log
  • TDSSKiller log
  • aswMBR log

Edited by Oh My, 15 January 2013 - 09:46 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 niamh808

  • Topic Starter


Posted 16 January 2013 - 06:18 AM

Hi Gary,
Since my last post I restarted my computer a couple of times and my programmes are working again. This problem has happened me once before and the only way I could fix it then was using combofix. I'm not sure what caused either problem or how they were fixed and because there is no "problem" with my computer now, I'm not sure if you can figure it out. I ran the tests you asked for and I'll post the results below. I am unsure whether there is an underlying problem and realise that you have a lot of people to help so if you can't do anything for me, it's okay.

Combofix.txt
ComboFix 13-01-05.01 - Niamh 06/01/2013 17:35:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3000.1969 [GMT 0:00]
Running from: f:\desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 17:46 . 2013-01-06 17:47 -------- d-----w- c:\users\Niamh\AppData\Local\temp
2013-01-06 17:46 . 2013-01-06 17:46 -------- d-----w- c:\users\Main\AppData\Local\temp
2013-01-06 17:46 . 2013-01-06 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-06 17:21 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EE94079-6FB2-4B52-B2A2-36AB208A2EC0}\mpengine.dll
2013-01-06 12:15 . 2013-01-06 12:15 -------- d-----w- c:\users\Niamh\AppData\Roaming\PeerNetworking
2013-01-05 15:17 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-28 11:20 . 2012-12-28 11:20 -------- d-----w- c:\users\Niamh\AppData\Roaming\dvdcss
2012-12-22 16:20 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:19 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-17 20:15 . 2012-12-17 20:15 -------- d-----w- c:\program files\iPod
2012-12-17 20:15 . 2012-12-17 20:16 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-12 15:49 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 15:49 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 15:49 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 15:49 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 15:49 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 15:49 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 15:49 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 15:49 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 15:49 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 15:49 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 15:49 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-11 18:30 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-11 18:30 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-11 18:30 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-11 18:30 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-11 18:30 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-30 11:55 . 2009-08-25 13:49 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-12-11 19:32 . 2012-10-06 17:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 19:32 . 2011-05-17 12:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-05 13:04 . 2009-10-31 00:04 66560 ----a-w- c:\windows\system32\drivers\SMB.SYS
2012-11-29 17:09 . 2012-11-29 17:10 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60A1681C-196A-4842-8150-76C2BAB7D070}\gapaengine.dll
2012-11-09 19:18 . 2012-08-29 14:23 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-03 23:26 . 2012-11-03 23:26 161792 ----a-w- c:\windows\system32\msls31.dll
2012-11-03 23:26 . 2012-11-03 23:26 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-03 23:26 . 2012-11-03 23:26 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-03 23:26 . 2012-11-03 23:26 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-03 23:26 . 2012-11-03 23:26 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-11-03 23:26 . 2012-11-03 23:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-03 23:26 . 2012-11-03 23:26 367104 ----a-w- c:\windows\system32\html.iec
2012-11-03 23:26 . 2012-11-03 23:26 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-11-03 23:26 . 2012-11-03 23:26 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-03 23:26 . 2012-11-03 23:26 152064 ----a-w- c:\windows\system32\wextract.exe
2012-11-03 23:26 . 2012-11-03 23:26 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-11-03 23:26 . 2012-11-03 23:26 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-11-03 23:26 . 2012-11-03 23:26 11776 ----a-w- c:\windows\system32\mshta.exe
2012-11-03 23:26 . 2012-11-03 23:26 101888 ----a-w- c:\windows\system32\admparse.dll
2012-11-03 23:26 . 2012-11-03 23:26 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 19:17 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19 244328 ----a-w- c:\program files\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Akamai NetSession Interface"="c:\users\Niamh\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-25 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Niamh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-12-17 13:41 1094000 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 06:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 17:27 138096 ----atw- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2012-05-14 10:28 6149120 ----a-w- c:\users\Niamh\AppData\Roaming\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-16 19:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-25 13:06 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HF_G_Jul]
2012-07-18 21:58 36960 ----a-w- c:\program files\AVG Secure Search\HF_G_Jul.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 19:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 13:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_JULY_P1]
2012-08-29 14:25 1022048 ----a-w- c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-25 12:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-10-04 16:08 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-11-09 19:17 997320 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\DRIVERS\ACTIVhidmini.sys [x]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 19:32]
.
2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2341527237-2102622955-2869244792-1003Core.job
- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-12 17:27]
.
2013-01-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2341527237-2102622955-2869244792-1003UA.job
- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-12 17:27]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 20:58]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 20:58]
.
2013-01-06 c:\windows\Tasks\ReclaimerUpdateFiles_Niamh.job
- c:\users\Niamh\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 20:39]
.
2013-01-02 c:\windows\Tasks\ReclaimerUpdateXML_Niamh.job
- c:\users\Niamh\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 20:39]
.
2013-01-06 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Niamh.job
- c:\users\Niamh\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-17 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={D4179D91-FB1D-4A29-91FA-F699E6AF7EC9}&mid=475485069bca541e4b2a899b442c283b-8ddfb59deeaf357e4d1a50c6fb62e7c2963feaca&lang=en&ds=ft011&pr=sa&d=2012-05-20 17:36&v=12.2.5.32&sap=hp
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&s=2&o=vp32&d=0709&m=travelmate_5730
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlfvideo.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Download with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-06 17:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2341527237-2102622955-2869244792-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%]*ø*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2341527237-2102622955-2869244792-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%]*ø*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2341527237-2102622955-2869244792-1003\Software\SecuROM\License information*]
"datasecu"=hex:2a,a8,9c,20,2f,56,cb,c2,98,b7,f7,da,68,e7,11,55,f5,ee,1e,a8,77,
60,3b,81,5c,c8,bd,76,7c,d2,6f,d5,03,83,97,d0,f0,f9,af,59,8a,d5,0d,e2,1e,c6,\
"rkeysecu"=hex:4c,bd,6b,8a,23,2b,8b,2d,73,d1,17,5b,b9,ca,05,3b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4308)
c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2013-01-06 17:53:51
ComboFix-quarantined-files.txt 2013-01-06 17:53
ComboFix2.txt 2013-01-06 13:20
.
Pre-Run: 24,874,893,312 bytes free
Post-Run: 24,656,809,984 bytes free
.
- - End Of File - - 06910691E3171A6AC12479D6D9EDD7E8

#4 niamh808

  • Topic Starter


Posted 16 January 2013 - 06:22 AM

TDSSKiller (there were 4 of these, so I copied the most recent. They were all saved just a few minutes apart and I only ran it once.)

09:58:39.0396 3316 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:58:39.0723 3316 ============================================================
09:58:39.0723 3316 Current date / time: 2013/01/16 09:58:39.0723
09:58:39.0723 3316 SystemInfo:
09:58:39.0723 3316
09:58:39.0723 3316 OS Version: 6.0.6002 ServicePack: 2.0
09:58:39.0723 3316 Product type: Workstation
09:58:39.0723 3316 ComputerName: NIAMH-PC
09:58:39.0723 3316 UserName: Niamh
09:58:39.0723 3316 Windows directory: C:\Windows
09:58:39.0723 3316 System windows directory: C:\Windows
09:58:39.0723 3316 Processor architecture: Intel x86
09:58:39.0723 3316 Number of processors: 2
09:58:39.0723 3316 Page size: 0x1000
09:58:39.0723 3316 Boot type: Normal boot
09:58:39.0723 3316 ============================================================
09:58:41.0658 3316 BG loaded
09:58:42.0141 3316 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:58:42.0141 3316 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:58:42.0297 3316 ============================================================
09:58:42.0297 3316 \Device\Harddisk0\DR0:
09:58:42.0297 3316 MBR partitions:
09:58:42.0297 3316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800
09:58:42.0297 3316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000
09:58:42.0297 3316 \Device\Harddisk1\DR1:
09:58:42.0297 3316 MBR partitions:
09:58:42.0297 3316 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
09:58:42.0297 3316 ============================================================
09:58:42.0453 3316 C: <-> \Device\Harddisk0\DR0\Partition1
09:58:43.0998 3316 D: <-> \Device\Harddisk0\DR0\Partition2
09:58:43.0998 3316 F: <-> \Device\Harddisk1\DR1\Partition1
09:58:44.0013 3316 ============================================================
09:58:44.0013 3316 Initialize success
09:58:44.0013 3316 ============================================================
09:58:54.0930 1652 ============================================================
09:58:54.0930 1652 Scan started
09:58:54.0930 1652 Mode: Manual;
09:58:54.0930 1652 ============================================================
09:59:00.0504 1652 ================ Scan system memory ========================
09:59:00.0504 1652 System memory - ok
09:59:00.0505 1652 ================ Scan services =============================
09:59:01.0060 1652 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
09:59:01.0064 1652 ACPI - ok
09:59:01.0171 1652 [ DD3B5BF2633FF510E9B5C8B0BFA1745D ] ACTIVhidmini C:\Windows\system32\DRIVERS\ACTIVhidmini.sys
09:59:01.0173 1652 ACTIVhidmini - ok
09:59:01.0250 1652 [ 975E7BB16739D09D0F565E3923361BB2 ] ActivHidSerMini C:\Windows\system32\DRIVERS\activhidsermini.sys
09:59:01.0251 1652 ActivHidSerMini - ok
09:59:01.0694 1652 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:59:01.0696 1652 AdobeARMservice - ok
09:59:01.0840 1652 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:59:01.0845 1652 AdobeFlashPlayerUpdateSvc - ok
09:59:01.0953 1652 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:59:01.0961 1652 adp94xx - ok
09:59:02.0017 1652 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:59:02.0026 1652 adpahci - ok
09:59:02.0054 1652 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
09:59:02.0056 1652 adpu160m - ok
09:59:02.0104 1652 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:59:02.0107 1652 adpu320 - ok
09:59:02.0197 1652 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:59:02.0197 1652 AeLookupSvc - ok
09:59:02.0265 1652 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
09:59:02.0266 1652 AFD - ok
09:59:02.0294 1652 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:59:02.0296 1652 agp440 - ok
09:59:02.0370 1652 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
09:59:02.0372 1652 aic78xx - ok
09:59:02.0571 1652 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll
09:59:02.0571 1652 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
09:59:02.0580 1652 Akamai ( HiddenFile.Multi.Generic ) - warning
09:59:02.0580 1652 Akamai - detected HiddenFile.Multi.Generic (1)
09:59:02.0592 1652 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
09:59:02.0592 1652 ALG - ok
09:59:02.0650 1652 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
09:59:02.0651 1652 aliide - ok
09:59:02.0671 1652 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:59:02.0673 1652 amdagp - ok
09:59:02.0693 1652 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
09:59:02.0694 1652 amdide - ok
09:59:02.0715 1652 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
09:59:02.0716 1652 AmdK7 - ok
09:59:02.0735 1652 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:59:02.0737 1652 AmdK8 - ok
09:59:02.0825 1652 [ E8885F571251A058DCA0F058341B04C1 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
09:59:02.0827 1652 ApfiltrService - ok
09:59:02.0854 1652 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
09:59:02.0854 1652 Appinfo - ok
09:59:03.0024 1652 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:59:03.0027 1652 Apple Mobile Device - ok
09:59:03.0090 1652 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
09:59:03.0092 1652 arc - ok
09:59:03.0107 1652 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:59:03.0109 1652 arcsas - ok
09:59:03.0277 1652 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:59:03.0321 1652 aspnet_state - ok
09:59:03.0347 1652 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:59:03.0348 1652 AsyncMac - ok
09:59:03.0440 1652 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
09:59:03.0441 1652 atapi - ok
09:59:03.0561 1652 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:59:03.0563 1652 AudioEndpointBuilder - ok
09:59:03.0572 1652 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:59:03.0574 1652 Audiosrv - ok
09:59:03.0735 1652 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
09:59:03.0735 1652 avgtp - ok
09:59:03.0801 1652 [ 7D0F2BFA273831124FA08526AF48AF18 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:59:03.0802 1652 b57nd60x - ok
09:59:03.0986 1652 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
09:59:03.0989 1652 BBSvc - ok
09:59:04.0042 1652 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
09:59:04.0045 1652 BcmSqlStartupSvc - ok
09:59:04.0135 1652 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
09:59:04.0136 1652 Beep - ok
09:59:04.0188 1652 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
09:59:04.0190 1652 BFE - ok
09:59:04.0273 1652 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
09:59:04.0280 1652 BITS - ok
09:59:04.0312 1652 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
09:59:04.0313 1652 blbdrive - ok
09:59:04.0445 1652 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:59:04.0452 1652 Bonjour Service - ok
09:59:04.0570 1652 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:59:04.0570 1652 bowser - ok
09:59:04.0623 1652 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
09:59:04.0624 1652 BrFiltLo - ok
09:59:04.0683 1652 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
09:59:04.0684 1652 BrFiltUp - ok
09:59:04.0723 1652 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
09:59:04.0724 1652 Browser - ok
09:59:04.0768 1652 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
09:59:04.0770 1652 Brserid - ok
09:59:04.0790 1652 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
09:59:04.0792 1652 BrSerWdm - ok
09:59:04.0803 1652 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
09:59:04.0804 1652 BrUsbMdm - ok
09:59:04.0822 1652 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
09:59:04.0823 1652 BrUsbSer - ok
09:59:04.0880 1652 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
09:59:04.0882 1652 BthEnum - ok
09:59:04.0935 1652 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:59:04.0937 1652 BTHMODEM - ok
09:59:05.0022 1652 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
09:59:05.0025 1652 BthPan - ok
09:59:05.0122 1652 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
09:59:05.0131 1652 BTHPORT - ok
09:59:05.0201 1652 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
09:59:05.0202 1652 BthServ - ok
09:59:05.0313 1652 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
09:59:05.0314 1652 BTHUSB - ok
09:59:05.0390 1652 [ F97A9C093E79BF117D9F26F2D31DCA5E ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
09:59:05.0392 1652 btwaudio - ok
09:59:05.0427 1652 [ 143C4C1EE6D131ECA8B4AB5F80B3F910 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
09:59:05.0429 1652 btwavdt - ok
09:59:05.0787 1652 [ B6C870EE321AA8678198EA003DCFBB02 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
09:59:05.0791 1652 btwdins - ok
09:59:05.0869 1652 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
09:59:06.0018 1652 btwl2cap - ok
09:59:06.0136 1652 [ 97CF6C5D3B443344497F1F53E5D0ED50 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
09:59:06.0156 1652 btwrchid - ok
09:59:06.0251 1652 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
09:59:06.0251 1652 BUNAgentSvc - ok
09:59:06.0480 1652 catchme - ok
09:59:06.0539 1652 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:59:06.0541 1652 cdfs - ok
09:59:06.0582 1652 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:59:06.0583 1652 cdrom - ok
09:59:06.0636 1652 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
09:59:06.0865 1652 CertPropSvc - ok
09:59:07.0002 1652 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
09:59:07.0004 1652 circlass - ok
09:59:07.0160 1652 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
09:59:07.0164 1652 CLFS - ok
09:59:07.0327 1652 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:59:07.0330 1652 clr_optimization_v2.0.50727_32 - ok
09:59:07.0435 1652 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:59:07.0506 1652 clr_optimization_v4.0.30319_32 - ok
09:59:07.0575 1652 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:59:07.0575 1652 CmBatt - ok
09:59:07.0654 1652 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:59:32.0216 1652 SQLWriter - ok
09:59:32.0436 1652 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:59:32.0439 1652 srv - ok
09:59:32.0492 1652 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:59:32.0493 1652 srv2 - ok
09:59:32.0742 1652 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:59:32.0743 1652 srvnet - ok
09:59:32.0829 1652 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
09:59:32.0832 1652 ssadbus - ok
09:59:32.0871 1652 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
09:59:32.0873 1652 ssadmdfl - ok
09:59:32.0908 1652 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
09:59:32.0911 1652 ssadmdm - ok
09:59:32.0955 1652 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
09:59:32.0957 1652 ssadserd - ok
09:59:33.0003 1652 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:59:33.0007 1652 SSDPSRV - ok
09:59:33.0239 1652 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:59:33.0242 1652 SstpSvc - ok
09:59:33.0653 1652 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:59:33.0654 1652 StillCam - ok
09:59:34.0057 1652 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
09:59:34.0063 1652 stisvc - ok
09:59:34.0172 1652 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:59:34.0173 1652 swenum - ok
09:59:34.0213 1652 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
09:59:34.0217 1652 swprv - ok
09:59:34.0313 1652 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
09:59:34.0315 1652 Symc8xx - ok
09:59:34.0359 1652 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
09:59:34.0360 1652 Sym_hi - ok
09:59:34.0374 1652 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
09:59:34.0376 1652 Sym_u3 - ok
09:59:34.0433 1652 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
09:59:34.0440 1652 SysMain - ok
09:59:34.0466 1652 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:59:34.0469 1652 TabletInputService - ok
09:59:34.0545 1652 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:59:34.0549 1652 TapiSrv - ok
09:59:34.0565 1652 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
09:59:34.0568 1652 TBS - ok
09:59:34.0727 1652 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:59:34.0750 1652 Tcpip - ok
09:59:34.0776 1652 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:59:34.0784 1652 Tcpip6 - ok
09:59:34.0838 1652 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:59:34.0839 1652 tcpipreg - ok
09:59:34.0865 1652 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:59:34.0866 1652 TDPIPE - ok
09:59:34.0902 1652 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:59:34.0904 1652 TDTCP - ok
09:59:34.0949 1652 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:59:34.0950 1652 tdx - ok
09:59:35.0205 1652 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:59:35.0206 1652 TermDD - ok
09:59:35.0342 1652 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
09:59:35.0347 1652 TermService - ok
09:59:35.0482 1652 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
09:59:35.0486 1652 Themes - ok
09:59:35.0497 1652 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
09:59:35.0499 1652 THREADORDER - ok
09:59:35.0572 1652 [ 3AFFF25EAE28188FA4ECD292658BE31B ] TpChoice C:\Windows\system32\DRIVERS\TpChoice.sys
09:59:35.0574 1652 TpChoice - ok
09:59:35.0623 1652 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
09:59:35.0626 1652 TrkWks - ok
09:59:35.0770 1652 [ 746B8CF9CEDEDDD865472544EDF626DA ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
09:59:35.0772 1652 truecrypt - ok
09:59:35.0836 1652 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:59:35.0836 1652 TrustedInstaller - ok
09:59:35.0872 1652 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:59:35.0873 1652 tssecsrv - ok
09:59:35.0910 1652 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
09:59:35.0910 1652 tunmp - ok
09:59:35.0951 1652 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:59:35.0952 1652 tunnel - ok
09:59:36.0112 1652 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:59:36.0114 1652 uagp35 - ok
09:59:36.0168 1652 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
09:59:36.0169 1652 UBHelper - ok
09:59:36.0218 1652 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:59:36.0220 1652 udfs - ok
09:59:36.0250 1652 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:59:36.0253 1652 UI0Detect - ok
09:59:36.0376 1652 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:59:36.0378 1652 uliagpkx - ok
09:59:36.0422 1652 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
09:59:36.0427 1652 uliahci - ok
09:59:36.0440 1652 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
09:59:36.0443 1652 UlSata - ok
09:59:36.0470 1652 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
09:59:36.0472 1652 ulsata2 - ok
09:59:36.0486 1652 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:59:36.0488 1652 umbus - ok
09:59:36.0539 1652 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
09:59:36.0543 1652 upnphost - ok
09:59:36.0584 1652 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:59:36.0585 1652 USBAAPL - ok
09:59:36.0620 1652 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:59:36.0621 1652 usbccgp - ok
09:59:36.0634 1652 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:59:36.0637 1652 usbcir - ok
09:59:36.0679 1652 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:59:36.0679 1652 usbehci - ok
09:59:36.0776 1652 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:59:36.0778 1652 usbhub - ok
09:59:36.0797 1652 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:59:36.0799 1652 usbohci - ok
09:59:36.0845 1652 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:59:36.0845 1652 usbprint - ok
09:59:36.0879 1652 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:59:36.0880 1652 usbscan - ok
09:59:36.0927 1652 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:59:36.0928 1652 USBSTOR - ok
09:59:36.0954 1652 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:59:36.0954 1652 usbuhci - ok
09:59:36.0971 1652 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:59:36.0972 1652 usbvideo - ok
09:59:37.0113 1652 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
09:59:37.0116 1652 UxSms - ok
09:59:37.0241 1652 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
09:59:37.0247 1652 vds - ok
09:59:37.0479 1652 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:59:37.0481 1652 vga - ok
09:59:37.0525 1652 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
09:59:37.0526 1652 VgaSave - ok
09:59:37.0543 1652 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:59:37.0545 1652 viaagp - ok
09:59:37.0565 1652 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:59:37.0567 1652 ViaC7 - ok
09:59:37.0608 1652 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
09:59:37.0609 1652 viaide - ok
09:59:37.0624 1652 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:59:37.0625 1652 volmgr - ok
09:59:37.0673 1652 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:59:37.0679 1652 volmgrx - ok
09:59:37.0853 1652 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:59:37.0858 1652 volsnap - ok
09:59:37.0884 1652 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:59:37.0886 1652 vsmraid - ok
09:59:37.0939 1652 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
09:59:37.0951 1652 VSS - ok
09:59:38.0355 1652 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
09:59:38.0379 1652 vToolbarUpdater13.2.0 - ok
09:59:38.0434 1652 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
09:59:38.0439 1652 W32Time - ok
09:59:38.0497 1652 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:59:38.0498 1652 WacomPen - ok
09:59:38.0518 1652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
09:59:38.0519 1652 Wanarp - ok
09:59:38.0523 1652 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:59:38.0524 1652 Wanarpv6 - ok
09:59:38.0563 1652 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:59:38.0569 1652 wcncsvc - ok
09:59:38.0613 1652 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:59:38.0616 1652 WcsPlugInService - ok
09:59:38.0637 1652 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
09:59:38.0639 1652 Wd - ok
09:59:38.0692 1652 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:59:38.0696 1652 Wdf01000 - ok
09:59:38.0791 1652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:59:38.0795 1652 WdiServiceHost - ok
09:59:38.0799 1652 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:59:38.0804 1652 WdiSystemHost - ok
09:59:38.0855 1652 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
09:59:38.0858 1652 WebClient - ok
09:59:38.0919 1652 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:59:38.0923 1652 Wecsvc - ok
09:59:38.0953 1652 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:59:38.0956 1652 wercplsupport - ok
09:59:39.0019 1652 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
09:59:39.0023 1652 WerSvc - ok
09:59:39.0055 1652 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:59:39.0060 1652 winachsf - ok
09:59:39.0139 1652 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:59:39.0144 1652 WinDefend - ok
09:59:39.0155 1652 WinHttpAutoProxySvc - ok
09:59:39.0688 1652 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:59:39.0702 1652 Winmgmt - ok
09:59:39.0768 1652 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
09:59:39.0780 1652 WinRM - ok
09:59:39.0838 1652 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:59:39.0845 1652 Wlansvc - ok
09:59:40.0011 1652 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:59:40.0012 1652 wlcrasvc - ok
09:59:40.0078 1652 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:59:40.0089 1652 wlidsvc - ok
09:59:40.0112 1652 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:59:40.0112 1652 WmiAcpi - ok
09:59:40.0189 1652 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:59:40.0190 1652 wmiApSrv - ok
09:59:40.0251 1652 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:59:40.0258 1652 WMPNetworkSvc - ok
09:59:40.0279 1652 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:59:40.0283 1652 WPCSvc - ok
09:59:40.0469 1652 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:59:40.0472 1652 WPDBusEnum - ok
09:59:40.0592 1652 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
09:59:40.0593 1652 WpdUsb - ok
09:59:40.0743 1652 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:59:40.0749 1652 WPFFontCache_v0400 - ok
09:59:40.0793 1652 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:59:40.0794 1652 ws2ifsl - ok
09:59:40.0832 1652 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
09:59:40.0836 1652 wscsvc - ok
09:59:40.0840 1652 WSearch - ok
09:59:40.0969 1652 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:59:40.0983 1652 wuauserv - ok
09:59:41.0064 1652 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:59:41.0065 1652 WudfPf - ok
09:59:41.0084 1652 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:59:41.0085 1652 WUDFRd - ok
09:59:41.0188 1652 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:59:41.0192 1652 wudfsvc - ok
09:59:41.0237 1652 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
09:59:41.0238 1652 XAudio - ok
09:59:41.0264 1652 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
09:59:41.0267 1652 XAudioService - ok
09:59:41.0289 1652 ================ Scan global ===============================
09:59:41.0339 1652 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:59:41.0391 1652 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:59:41.0413 1652 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:59:41.0461 1652 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
09:59:41.0465 1652 [Global] - ok
09:59:41.0465 1652 ================ Scan MBR ==================================
09:59:41.0484 1652 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
09:59:43.0756 1652 \Device\Harddisk0\DR0 - ok
09:59:43.0761 1652 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
09:59:44.0127 1652 \Device\Harddisk1\DR1 - ok
09:59:44.0127 1652 ================ Scan VBR ==================================
09:59:44.0138 1652 [ 2E8F701854DF160B1266DCFEDAA2B28C ] \Device\Harddisk0\DR0\Partition1
09:59:44.0140 1652 \Device\Harddisk0\DR0\Partition1 - ok
09:59:44.0167 1652 [ AD912346F5F2AFC8098F20F552FCC525 ] \Device\Harddisk0\DR0\Partition2
09:59:44.0169 1652 \Device\Harddisk0\DR0\Partition2 - ok
09:59:44.0209 1652 [ 575620A400D5FB0052D6DB37D30FB514 ] \Device\Harddisk1\DR1\Partition1
09:59:44.0211 1652 \Device\Harddisk1\DR1\Partition1 - ok
09:59:44.0212 1652 ================ Scan active images ========================
09:59:44.0214 1652 [ 36975327EF03949CC378AB01E316B574 ] C:\Windows\System32\drivers\crashdmp.sys
09:59:44.0214 1652 C:\Windows\System32\drivers\crashdmp.sys - ok
09:59:44.0220 1652 [ C67EBF9C05531C406E1E079FF669A2E6 ] C:\Windows\System32\drivers\Dumpata.sys
09:59:44.0220 1652 C:\Windows\System32\drivers\Dumpata.sys - ok
09:59:44.0225 1652 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] C:\Windows\System32\drivers\msahci.sys
09:59:44.0225 1652 C:\Windows\System32\drivers\msahci.sys - ok
09:59:44.0230 1652 [ 300DB877AC094FEAB0BE7688C3454A9C ] C:\Windows\System32\drivers\tunnel.sys
09:59:44.0230 1652 C:\Windows\System32\drivers\tunnel.sys - ok
09:59:44.0237 1652 [ CAECC0120AC49E3D2F758B9169872D38 ] C:\Windows\System32\drivers\TUNMP.SYS
09:59:44.0237 1652 C:\Windows\System32\drivers\TUNMP.SYS - ok
09:59:44.0242 1652 [ DCE0B53570703CCE580D066F89EF58CD ] C:\Windows\System32\drivers\igdkmd32.sys
09:59:44.0242 1652 C:\Windows\System32\drivers\igdkmd32.sys - ok
09:59:44.0247 1652 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] C:\Windows\System32\drivers\dxgkrnl.sys
09:59:44.0247 1652 C:\Windows\System32\drivers\dxgkrnl.sys - ok
09:59:44.0254 1652 [ 4A5C31E2C1646034E6A60EBA4C747FF6 ] C:\Windows\System32\drivers\watchdog.sys
09:59:44.0254 1652 C:\Windows\System32\drivers\watchdog.sys - ok
09:59:44.0259 1652 [ A1C100A87D981AD0774FBC0B4B82E913 ] C:\Windows\System32\drivers\usbport.sys
09:59:44.0259 1652 C:\Windows\System32\drivers\usbport.sys - ok
09:59:44.0264 1652 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] C:\Windows\System32\drivers\usbehci.sys
09:59:44.0264 1652 C:\Windows\System32\drivers\usbehci.sys - ok
09:59:44.0270 1652 [ 814D653EFC4D48BE3B04A307ECEFF56F ] C:\Windows\System32\drivers\usbuhci.sys
09:59:44.0270 1652 C:\Windows\System32\drivers\usbuhci.sys - ok
09:59:44.0276 1652 [ 062452B7FFD68C8C042A6261FE8DFF4A ] C:\Windows\System32\drivers\hdaudbus.sys
09:59:44.0276 1652 C:\Windows\System32\drivers\hdaudbus.sys - ok
09:59:44.0281 1652 [ 7D0F2BFA273831124FA08526AF48AF18 ] C:\Windows\System32\drivers\b57nd60x.sys
09:59:44.0281 1652 C:\Windows\System32\drivers\b57nd60x.sys - ok
09:59:44.0287 1652 [ 383712AEC962B72BF6D368A4A64CFE09 ] C:\Windows\System32\drivers\NETwNv32.sys
09:59:44.0287 1652 C:\Windows\System32\drivers\NETwNv32.sys - ok
09:59:44.0294 1652 [ B6DBDA8C79DC4333AD9B0C15067B8247 ] C:\Windows\System32\drivers\o2sd.sys
09:59:44.0294 1652 C:\Windows\System32\drivers\o2sd.sys - ok
09:59:44.0299 1652 [ 6F5CA34AE885645ACF8A20D564DB976C ] C:\Windows\System32\drivers\scsiport.sys
09:59:44.0299 1652 C:\Windows\System32\drivers\scsiport.sys - ok
09:59:44.0306 1652 [ 78575368974962042472F18B24D3CF28 ] C:\Windows\System32\drivers\o2media.sys
09:59:44.0306 1652 C:\Windows\System32\drivers\o2media.sys - ok
09:59:44.0311 1652 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] C:\Windows\System32\drivers\CmBatt.sys
09:59:44.0311 1652 C:\Windows\System32\drivers\CmBatt.sys - ok
09:59:44.0316 1652 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] C:\Windows\System32\drivers\i8042prt.sys
09:59:44.0316 1652 C:\Windows\System32\drivers\i8042prt.sys - ok
09:59:44.0322 1652 [ 73BAF270D24FE726B9CD7F80BB17A23D ] C:\Windows\System32\drivers\DKbFltr.sys
09:59:44.0323 1652 C:\Windows\System32\drivers\DKbFltr.sys - ok
09:59:44.0327 1652 [ 37605E0A8CF00CBBA538E753E4344C6E ] C:\Windows\System32\drivers\kbdclass.sys
09:59:44.0328 1652 C:\Windows\System32\drivers\kbdclass.sys - ok
09:59:44.0333 1652 [ E8885F571251A058DCA0F058341B04C1 ] C:\Windows\System32\drivers\Apfiltr.sys
09:59:44.0333 1652 C:\Windows\System32\drivers\Apfiltr.sys - ok
09:59:44.0336 1652 [ 6B4BFFB9BECD728097024276430DB314 ] C:\Windows\System32\drivers\cdrom.sys
09:59:44.0336 1652 C:\Windows\System32\drivers\cdrom.sys - ok
09:59:44.0342 1652 [ 5BF6A1326A335C5298477754A506D263 ] C:\Windows\System32\drivers\mouclass.sys
09:59:44.0342 1652 C:\Windows\System32\drivers\mouclass.sys - ok
09:59:44.0347 1652 [ 185ADA973B5020655CEE342059A86CBB ] C:\Windows\System32\drivers\GEARAspiWDM.sys
09:59:44.0347 1652 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
09:59:44.0355 1652 [ 2757D2BA59AEE155209E24942AB127C9 ] C:\Windows\System32\drivers\NTIDrvr.sys
09:59:44.0355 1652 C:\Windows\System32\drivers\NTIDrvr.sys - ok
09:59:44.0358 1652 [ 2E7255D172DF0B8283CDFB7B433B864E ] C:\Windows\System32\drivers\wmiacpi.sys
09:59:44.0359 1652 C:\Windows\System32\drivers\wmiacpi.sys - ok
09:59:44.0364 1652 [ 224191001E78C89DFA78924C3EA595FF ] C:\Windows\System32\drivers\intelppm.sys
09:59:44.0364 1652 C:\Windows\System32\drivers\intelppm.sys - ok
09:59:44.0372 1652 [ 975E7BB16739D09D0F565E3923361BB2 ] C:\Windows\System32\drivers\activhidsermini.sys
09:59:44.0372 1652 C:\Windows\System32\drivers\activhidsermini.sys - ok
09:59:44.0376 1652 [ 5961CADB7CAD938368D2028725EF771D ] C:\Windows\System32\drivers\hidclass.sys
09:59:44.0376 1652 C:\Windows\System32\drivers\hidclass.sys - ok
09:59:44.0381 1652 [ 175444D3A01CA45D0E1C5DC5F48DF7CD ] C:\Windows\System32\drivers\hidparse.sys
09:59:44.0381 1652 C:\Windows\System32\drivers\hidparse.sys - ok
09:59:44.0388 1652 [ 232FA340531D940AAC623B121A595034 ] C:\Windows\System32\drivers\msiscsi.sys
09:59:44.0389 1652 C:\Windows\System32\drivers\msiscsi.sys - ok
09:59:44.0392 1652 [ A214ADBAF4CB47DD2728859EF31F26B0 ] C:\Windows\System32\drivers\rasl2tp.sys
09:59:44.0392 1652 C:\Windows\System32\drivers\rasl2tp.sys - ok
09:59:44.0397 1652 [ 47E55AFE1ED1D5AFF09690DB226F4A7A ] C:\Windows\System32\drivers\Storport.sys
09:59:44.0397 1652 C:\Windows\System32\drivers\Storport.sys - ok
09:59:44.0405 1652 [ 77937EFF009AC696B90E09F671F9D0A4 ] C:\Windows\System32\drivers\tdi.sys
09:59:44.0405 1652 C:\Windows\System32\drivers\tdi.sys - ok
09:59:44.0409 1652 [ 0E186E90404980569FB449BA7519AE61 ] C:\Windows\System32\drivers\ndistapi.sys
09:59:44.0409 1652 C:\Windows\System32\drivers\ndistapi.sys - ok
09:59:44.0415 1652 [ 818F648618AE34F729FDB47EC68345C3 ] C:\Windows\System32\drivers\ndiswan.sys
09:59:44.0415 1652 C:\Windows\System32\drivers\ndiswan.sys - ok
09:59:44.0422 1652 [ 509A98DD18AF4375E1FC40BC175F1DEF ] C:\Windows\System32\drivers\raspppoe.sys
09:59:44.0422 1652 C:\Windows\System32\drivers\raspppoe.sys - ok
09:59:44.0427 1652 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] C:\Windows\System32\drivers\raspptp.sys
09:59:44.0427 1652 C:\Windows\System32\drivers\raspptp.sys - ok
09:59:44.0432 1652 [ 2005F4A1E05FA09389AC85840F0A9E4D ] C:\Windows\System32\drivers\rassstp.sys
09:59:44.0433 1652 C:\Windows\System32\drivers\rassstp.sys - ok
09:59:44.0438 1652 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] C:\Windows\System32\drivers\serscan.sys
09:59:44.0439 1652 C:\Windows\System32\drivers\serscan.sys - ok
09:59:44.0444 1652 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] C:\Windows\System32\drivers\termdd.sys
09:59:44.0444 1652 C:\Windows\System32\drivers\termdd.sys - ok
09:59:44.0449 1652 [ EF73C1E29FBE7B0FD0274BF4394E346A ] C:\Windows\System32\drivers\ks.sys
09:59:44.0449 1652 C:\Windows\System32\drivers\ks.sys - ok
09:59:44.0455 1652 [ E384487CB84BE41D09711C30CA79646C ] C:\Windows\System32\drivers\mssmbios.sys
09:59:44.0455 1652 C:\Windows\System32\drivers\mssmbios.sys - ok
09:59:44.0461 1652 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] C:\Windows\System32\drivers\swenum.sys
09:59:44.0461 1652 C:\Windows\System32\drivers\swenum.sys - ok
09:59:44.0466 1652 [ 32CFF9F809AE9AED85464492BF3E32D2 ] C:\Windows\System32\drivers\umbus.sys
09:59:44.0466 1652 C:\Windows\System32\drivers\umbus.sys - ok
09:59:44.0473 1652 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] C:\Windows\System32\drivers\usbhub.sys
09:59:44.0473 1652 C:\Windows\System32\drivers\usbhub.sys - ok
09:59:44.0479 1652 [ 93B8D4869E12CFBE663915502900876F ] C:\Windows\System32\drivers\mouhid.sys
09:59:44.0479 1652 C:\Windows\System32\drivers\mouhid.sys - ok
09:59:44.0484 1652 [ 3E55203169A291199AC577636DBD933D ] C:\Windows\System32\drivers\activmouse.sys
09:59:44.0484 1652 C:\Windows\System32\drivers\activmouse.sys - ok
09:59:44.0491 1652 [ 71DAB552B41936358F3B541AE5997FB3 ] C:\Windows\System32\drivers\ndproxy.sys
09:59:44.0491 1652 C:\Windows\System32\drivers\ndproxy.sys - ok
09:59:44.0496 1652 [ 7BE5A3C671A2CB56E94403BFC2020A0D ] C:\Windows\System32\drivers\drmk.sys
09:59:44.0496 1652 C:\Windows\System32\drivers\drmk.sys - ok
09:59:44.0501 1652 [ 218286724EC530FF252648369E05B090 ] C:\Windows\System32\drivers\portcls.sys
09:59:44.0501 1652 C:\Windows\System32\drivers\portcls.sys - ok
09:59:44.0507 1652 [ 23EBCEE9AAA4D6C88728791FAB462456 ] C:\Windows\System32\drivers\RTKVHDA.sys
09:59:44.0507 1652 C:\Windows\System32\drivers\RTKVHDA.sys - ok
09:59:44.0513 1652 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] C:\Windows\System32\drivers\HSXHWAZL.sys
09:59:44.0513 1652 C:\Windows\System32\drivers\HSXHWAZL.sys - ok
09:59:44.0518 1652 [ 7BC42C65B5C6281777C1A7605B253BA8 ] C:\Windows\System32\drivers\HSX_DPV.sys
09:59:44.0518 1652 C:\Windows\System32\drivers\HSX_DPV.sys - ok
09:59:44.0524 1652 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] C:\Windows\System32\drivers\HSX_CNXT.sys
09:59:44.0524 1652 C:\Windows\System32\drivers\HSX_CNXT.sys - ok
09:59:44.0529 1652 [ E13B5EA0F51BA5B1512EC671393D09BA ] C:\Windows\System32\drivers\modem.sys
09:59:44.0529 1652 C:\Windows\System32\drivers\modem.sys - ok
09:59:44.0535 1652 [ 3F90E001369A07243763BD5A523D8722 ] C:\Windows\System32\drivers\HdAudio.sys
09:59:44.0535 1652 C:\Windows\System32\drivers\HdAudio.sys - ok
09:59:44.0542 1652 [ B972A66758577E0BFD1DE0F91AAA27B5 ] C:\Windows\System32\drivers\fs_rec.sys
09:59:44.0542 1652 C:\Windows\System32\drivers\fs_rec.sys - ok
09:59:44.0548 1652 [ C5DBBCDA07D780BDA9B685DF333BB41E ] C:\Windows\System32\drivers\null.sys
09:59:44.0548 1652 C:\Windows\System32\drivers\null.sys - ok
09:59:44.0555 1652 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] C:\Windows\System32\drivers\avgtpx86.sys
09:59:44.0555 1652 C:\Windows\System32\drivers\avgtpx86.sys - ok
09:59:44.0559 1652 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] C:\Windows\System32\drivers\beep.sys
09:59:44.0560 1652 C:\Windows\System32\drivers\beep.sys - ok
09:59:44.0565 1652 [ C048D2C33D27441A0CDCAAE2651EB03D ] C:\Windows\System32\drivers\videoprt.sys
09:59:44.0565 1652 C:\Windows\System32\drivers\videoprt.sys - ok
09:59:44.0573 1652 [ 2E93AC0A1D8C79D019DB6C51F036636C ] C:\Windows\System32\drivers\vga.sys
09:59:44.0573 1652 C:\Windows\System32\drivers\vga.sys - ok
09:59:44.0576 1652 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] C:\Windows\System32\drivers\RDPCDD.sys
09:59:44.0577 1652 C:\Windows\System32\drivers\RDPCDD.sys - ok
09:59:44.0582 1652 [ 9D91FE5286F748862ECFFA05F8A0710C ] C:\Windows\System32\drivers\RDPENCDD.sys
09:59:44.0582 1652 C:\Windows\System32\drivers\RDPENCDD.sys - ok
09:59:44.0587 1652 [ A9927F4A46B816C92F461ACB90CF8515 ] C:\Windows\System32\drivers\msfs.sys
09:59:44.0587 1652 C:\Windows\System32\drivers\msfs.sys - ok
09:59:44.0591 1652 [ D36F239D7CCE1931598E8FB90A0DBC26 ] C:\Windows\System32\drivers\npfs.sys
09:59:44.0591 1652 C:\Windows\System32\drivers\npfs.sys - ok
09:59:44.0597 1652 [ 147D7F9C556D259924351FEB0DE606C3 ] C:\Windows\System32\drivers\rasacd.sys
09:59:44.0597 1652 C:\Windows\System32\drivers\rasacd.sys - ok
09:59:44.0602 1652 [ 7B75299A4D201D6A6533603D6914AB04 ] C:\Windows\System32\drivers\SMB.SYS
09:59:44.0602 1652 C:\Windows\System32\drivers\SMB.SYS - ok
09:59:44.0609 1652 [ 76B06EB8A01FC8624D699E7045303E54 ] C:\Windows\System32\drivers\tdx.sys
09:59:44.0609 1652 C:\Windows\System32\drivers\tdx.sys - ok
09:59:44.0614 1652 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] C:\Windows\System32\drivers\netbt.sys
09:59:44.0614 1652 C:\Windows\System32\drivers\netbt.sys - ok
09:59:44.0619 1652 [ 3911B972B55FEA0478476B2E777B29FA ] C:\Windows\System32\drivers\afd.sys
09:59:44.0619 1652 C:\Windows\System32\drivers\afd.sys - ok
09:59:44.0626 1652 [ E3A3CB253C0EC2494D4A61F5E43A389C ] C:\Windows\System32\drivers\ws2ifsl.sys
09:59:44.0626 1652 C:\Windows\System32\drivers\ws2ifsl.sys - ok
09:59:44.0631 1652 [ 99514FAA8DF93D34B5589187DB3AA0BA ] C:\Windows\System32\drivers\pacer.sys
09:59:44.0631 1652 C:\Windows\System32\drivers\pacer.sys - ok
09:59:44.0637 1652 [ BCD093A5A6777CF626434568DC7DBA78 ] C:\Windows\System32\drivers\netbios.sys
09:59:45.0986 1652 C:\Windows\System32\xmllite.dll - ok
09:59:45.0991 1652 [ 33E12569EB608918A4C45FEFA636A111 ] C:\Program Files\WIDCOMM\Bluetooth Software\BtwCP.dll
09:59:45.0991 1652 C:\Program Files\WIDCOMM\Bluetooth Software\BtwCP.dll - ok
09:59:45.0999 1652 [ 7C29BC74635524E13FAA556A5FD48968 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
09:59:45.0999 1652 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
09:59:46.0003 1652 [ A9542FF2E9A82CF100E5729EC79068F0 ] C:\Windows\System32\fltLib.dll
09:59:46.0003 1652 C:\Windows\System32\fltLib.dll - ok
09:59:46.0009 1652 [ 5EC8FB83F31AA2D6F421F02C3F4F4475 ] C:\Windows\System32\winspool.drv
09:59:46.0009 1652 C:\Windows\System32\winspool.drv - ok
09:59:46.0015 1652 [ 8269CC01940A202BBB9FDF26705DBD67 ] C:\Windows\System32\hid.dll
09:59:46.0015 1652 C:\Windows\System32\hid.dll - ok
09:59:46.0020 1652 [ C0ABD66F31C0B84CD944802E6D3D02C2 ] C:\Windows\System32\bthprops.cpl
09:59:46.0021 1652 C:\Windows\System32\bthprops.cpl - ok
09:59:46.0028 1652 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll
09:59:46.0028 1652 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
09:59:46.0035 1652 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll
09:59:46.0035 1652 C:\Windows\System32\rasplap.dll - ok
09:59:46.0041 1652 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll
09:59:46.0041 1652 C:\Windows\System32\rasapi32.dll - ok
09:59:46.0049 1652 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll
09:59:46.0049 1652 C:\Windows\System32\rasman.dll - ok
09:59:46.0055 1652 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll
09:59:46.0055 1652 C:\Windows\System32\tapi32.dll - ok
09:59:46.0062 1652 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll
09:59:46.0062 1652 C:\Windows\System32\rtutils.dll - ok
09:59:46.0068 1652 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll
09:59:46.0069 1652 C:\Windows\System32\winmm.dll - ok
09:59:46.0074 1652 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
09:59:46.0074 1652 C:\Windows\System32\oleacc.dll - ok
09:59:46.0079 1652 [ 627920CFF5DFCF8CF54CF2D592D61307 ] C:\Windows\System32\WinSCard.dll
09:59:46.0079 1652 C:\Windows\System32\WinSCard.dll - ok
09:59:46.0086 1652 [ 56B5914070B2C243DFB3D186070DA89D ] C:\Windows\System32\MMDevAPI.dll
09:59:46.0086 1652 C:\Windows\System32\MMDevAPI.dll - ok
09:59:46.0091 1652 [ C9244BCAC83B259B920BBEE18A97BFE1 ] C:\Windows\System32\avrt.dll
09:59:46.0091 1652 C:\Windows\System32\avrt.dll - ok
09:59:46.0099 1652 [ 12A1DF1B84FB45A00D47B2CDE2CEEBBA ] C:\Windows\System32\shgina.dll
09:59:46.0099 1652 C:\Windows\System32\shgina.dll - ok
09:59:46.0103 1652 [ EC43D9CC95C3BB5FEFDBCF22D375E1F5 ] C:\Windows\System32\adtschema.dll
09:59:46.0103 1652 C:\Windows\System32\adtschema.dll - ok
09:59:46.0106 1652 [ 7DACD94118E2D8B6D72F47ADEB0367BF ] C:\Windows\System32\propsys.dll
09:59:46.0106 1652 C:\Windows\System32\propsys.dll - ok
09:59:46.0111 1652 [ 70932D6C3D59B416CBD2BE5A3B3D4BE6 ] C:\Windows\System32\shacct.dll
09:59:46.0111 1652 C:\Windows\System32\shacct.dll - ok
09:59:46.0118 1652 [ A99871BA522CB2539AE275AC18CACC8F ] C:\Windows\System32\cabinet.dll
09:59:46.0118 1652 C:\Windows\System32\cabinet.dll - ok
09:59:46.0123 1652 [ 3437B9E218A2E4586BEF4F7A3BD00777 ] C:\Windows\System32\audiodg.exe
09:59:46.0123 1652 C:\Windows\System32\audiodg.exe - ok
09:59:46.0128 1652 [ 70C6489D56008D75DEDF73226FA63C11 ] C:\Windows\System32\dimsjob.dll
09:59:46.0128 1652 C:\Windows\System32\dimsjob.dll - ok
09:59:46.0134 1652 [ D5CF1536137026ACDED95BF6CBF849F6 ] C:\Windows\System32\WUDFPlatform.dll
09:59:46.0134 1652 C:\Windows\System32\WUDFPlatform.dll - ok
09:59:46.0139 1652 [ 4DF066ECEE5A7B20BF8B39EF4D646600 ] C:\Windows\System32\wdmaud.drv
09:59:46.0139 1652 C:\Windows\System32\wdmaud.drv - ok
09:59:46.0144 1652 [ 409F36C8BD06FCE184631EB4142B009A ] C:\Windows\System32\atl.dll
09:59:46.0144 1652 C:\Windows\System32\atl.dll - ok
09:59:46.0150 1652 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] C:\Windows\System32\gpsvc.dll
09:59:46.0150 1652 C:\Windows\System32\gpsvc.dll - ok
09:59:46.0156 1652 [ D1A84F7D4CAFCFE2A32149FF418056E5 ] C:\Windows\System32\nlaapi.dll
09:59:46.0156 1652 C:\Windows\System32\nlaapi.dll - ok
09:59:46.0162 1652 [ A7F8BAD9590ADDC425B4003E94780DFA ] C:\Windows\System32\drivers\spsys.sys
09:59:46.0162 1652 C:\Windows\System32\drivers\spsys.sys - ok
09:59:46.0168 1652 [ 67058C46504BC12D821F38CF99B7B28F ] C:\Windows\System32\es.dll
09:59:46.0168 1652 C:\Windows\System32\es.dll - ok
09:59:46.0173 1652 [ 919CC2A0476D5A6A4C935D4B88E29912 ] C:\Windows\System32\ksuser.dll
09:59:46.0173 1652 C:\Windows\System32\ksuser.dll - ok
09:59:46.0178 1652 [ DB7F4AB85298F3FE522C5512B8B0F56D ] C:\Windows\System32\AudioEng.dll
09:59:46.0178 1652 C:\Windows\System32\AudioEng.dll - ok
09:59:46.0184 1652 [ 7258434974EA735725FD2D4A65C5E821 ] C:\Windows\System32\AudioSes.dll
09:59:46.0185 1652 C:\Windows\System32\AudioSes.dll - ok
09:59:46.0190 1652 [ 1509E705F3AC1D474C92454A5C2DD81F ] C:\Windows\System32\uxsms.dll
09:59:46.0190 1652 C:\Windows\System32\uxsms.dll - ok
09:59:46.0195 1652 [ 6836D001FC733F205ACB80A7986CB6C9 ] C:\Windows\System32\WindowsCodecs.dll
09:59:46.0195 1652 C:\Windows\System32\WindowsCodecs.dll - ok
09:59:46.0201 1652 [ 00A0231FCA55C815853B957767E34B02 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
09:59:46.0201 1652 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
09:59:46.0207 1652 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] C:\Windows\System32\drivers\MpFilter.sys
09:59:46.0207 1652 C:\Windows\System32\drivers\MpFilter.sys - ok
09:59:46.0212 1652 [ 2EF4E53ACB0DF0B34091335BB26C2BC2 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
09:59:46.0212 1652 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
09:59:46.0219 1652 [ 83199EF88D691E730B80666E29F90D58 ] C:\Windows\System32\midimap.dll
09:59:46.0219 1652 C:\Windows\System32\midimap.dll - ok
09:59:46.0224 1652 [ BDBB449425991154135E5ED1559927E6 ] C:\Windows\System32\msacm32.dll
09:59:46.0224 1652 C:\Windows\System32\msacm32.dll - ok
09:59:46.0229 1652 [ 166F004D73EA2CF4AC61800CA469458D ] C:\Windows\System32\msacm32.drv
09:59:46.0229 1652 C:\Windows\System32\msacm32.drv - ok
09:59:46.0236 1652 [ 5877DF36731CC605FCE34D8F32F80638 ] C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll
09:59:46.0236 1652 C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll - ok
09:59:46.0241 1652 [ 296937202E4D930AAE98085B99D744D8 ] C:\Windows\System32\AUDIOKSE.dll
09:59:46.0241 1652 C:\Windows\System32\AUDIOKSE.dll - ok
09:59:46.0246 1652 [ C506EAF571A0A86168EB4BFD07E33CE3 ] C:\Windows\System32\RtkAPO.dll
09:59:46.0247 1652 C:\Windows\System32\RtkAPO.dll - ok
09:59:46.0252 1652 [ E50A95179211B12946F7E035D60AF560 ] C:\Windows\System32\drivers\irda.sys
09:59:46.0252 1652 C:\Windows\System32\drivers\irda.sys - ok
09:59:46.0258 1652 [ D1C5883087A0C3F1344D9D55A44901F6 ] C:\Windows\System32\drivers\lltdio.sys
09:59:46.0258 1652 C:\Windows\System32\drivers\lltdio.sys - ok
09:59:46.0263 1652 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] C:\Windows\System32\drivers\nwifi.sys
09:59:46.0263 1652 C:\Windows\System32\drivers\nwifi.sys - ok
09:59:46.0269 1652 [ D6973AA34C4D5D76C0430B181C3CD389 ] C:\Windows\System32\drivers\ndisuio.sys
09:59:46.0270 1652 C:\Windows\System32\drivers\ndisuio.sys - ok
09:59:46.0275 1652 [ 9C508F4074A39E8B4B31D27198146FAD ] C:\Windows\System32\drivers\rspndr.sys
09:59:46.0275 1652 C:\Windows\System32\drivers\rspndr.sys - ok
09:59:46.0280 1652 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] C:\Windows\System32\dnsrslvr.dll
09:59:46.0280 1652 C:\Windows\System32\dnsrslvr.dll - ok
09:59:46.0289 1652 [ 3AB4023CBD406AC33AB8CDFF6C8079A0 ] C:\Windows\System32\eapphost.dll
09:59:46.0289 1652 C:\Windows\System32\eapphost.dll - ok
09:59:46.0293 1652 [ E9D1EF681E0F3B95C9B5FD648FA95371 ] C:\Windows\System32\wshirda.dll
09:59:46.0293 1652 C:\Windows\System32\wshirda.dll - ok
09:59:46.0301 1652 [ 0727200F10320A6BA7E59433094FBBA7 ] C:\Windows\System32\WMALFXGFXDSP.dll
09:59:46.0301 1652 C:\Windows\System32\WMALFXGFXDSP.dll - ok
09:59:46.0305 1652 [ 6B2609E5DB23E05E86290F6054117C56 ] C:\Program Files\Cisco\Cisco LEAP Module\CiscoEapLeap.dll
09:59:46.0305 1652 C:\Program Files\Cisco\Cisco LEAP Module\CiscoEapLeap.dll - ok
09:59:46.0310 1652 [ BF142D4F8C61ED3629A9CDD7BA867900 ] C:\Windows\System32\mfplat.dll
09:59:46.0311 1652 C:\Windows\System32\mfplat.dll - ok
09:59:46.0317 1652 [ C5C72A7CD3F547B0B0D3D542E69F670A ] C:\Program Files\Cisco\Cisco PEAP Module\CiscoEapPeap.dll
09:59:46.0317 1652 C:\Program Files\Cisco\Cisco PEAP Module\CiscoEapPeap.dll - ok
09:59:46.0323 1652 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
09:59:46.0323 1652 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
09:59:46.0328 1652 [ DAF473A146A3D77B4E26C1F809997329 ] C:\Program Files\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll
09:59:46.0328 1652 C:\Program Files\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll - ok
09:59:46.0335 1652 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
09:59:46.0335 1652 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
09:59:46.0341 1652 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
09:59:46.0341 1652 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok
09:59:46.0346 1652 [ 3B0489DE8CC3058B48471660C60A7B75 ] C:\Windows\System32\rastls.dll
09:59:46.0346 1652 C:\Windows\System32\rastls.dll - ok
09:59:46.0352 1652 [ 82A79D5BE740D0AE9C91AA6DE4B3AC5A ] C:\Windows\System32\raschap.dll
09:59:46.0352 1652 C:\Windows\System32\raschap.dll - ok
09:59:46.0355 1652 [ E45051C374F845EDF3DB02A35BA13193 ] C:\Windows\System32\umb.dll
09:59:46.0355 1652 C:\Windows\System32\umb.dll - ok
09:59:46.0360 1652 [ 3727F8B85E24BBDD325BFF75F029DDE3 ] C:\Windows\System32\wlanmsm.dll
09:59:46.0361 1652 C:\Windows\System32\wlanmsm.dll - ok
09:59:46.0367 1652 [ 4662AF853DFAD5648CE3814E7D9EF3D6 ] C:\Windows\System32\wlansec.dll
09:59:46.0368 1652 C:\Windows\System32\wlansec.dll - ok
09:59:46.0372 1652 [ B64AC7967D6B9FB2D6152AC768A1CB88 ] C:\Windows\System32\onex.dll
09:59:46.0372 1652 C:\Windows\System32\onex.dll - ok
09:59:46.0377 1652 [ 9D9FFC923FADBB575E0452EA0BBB15BD ] C:\Windows\System32\eappprxy.dll
09:59:46.0377 1652 C:\Windows\System32\eappprxy.dll - ok
09:59:46.0384 1652 [ 11F06C27DAD83CD5E907D664CA591805 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED2208F1-3EAB-4D81-B5E2-33E5E3A805DF}\mpengine.dll
09:59:46.0384 1652 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED2208F1-3EAB-4D81-B5E2-33E5E3A805DF}\mpengine.dll - ok
09:59:46.0389 1652 [ 5D0FE613570CABE3992F7DBCD68E61D1 ] C:\Windows\System32\eappcfg.dll
09:59:46.0390 1652 C:\Windows\System32\eappcfg.dll - ok
09:59:46.0394 1652 [ 91D995A67D9447592A1BF21CBC15C628 ] C:\Windows\System32\wlgpclnt.dll
09:59:46.0395 1652 C:\Windows\System32\wlgpclnt.dll - ok
09:59:46.0401 1652 [ 19FFAD68A02AF1BF0BC336EE26CD6767 ] C:\Windows\System32\l2gpstore.dll
09:59:46.0401 1652 C:\Windows\System32\l2gpstore.dll - ok
09:59:46.0406 1652 [ EB2170D0DDF3B2A92506AE16BC524B0B ] C:\Windows\System32\wlanutil.dll
09:59:46.0407 1652 C:\Windows\System32\wlanutil.dll - ok
09:59:46.0412 1652 [ 0296DAEB5555A248E8ABF7E5012A37A6 ] C:\Windows\System32\msxml6.dll
09:59:46.0412 1652 C:\Windows\System32\msxml6.dll - ok
09:59:46.0419 1652 [ 35ACD5EA63D75E97DD0E9A1629E582B2 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
09:59:46.0419 1652 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll - ok
09:59:46.0424 1652 [ CA0B849566776A17F35F0339BE17DFD9 ] C:\Windows\System32\ktmw32.dll
09:59:46.0424 1652 C:\Windows\System32\ktmw32.dll - ok
09:59:46.0429 1652 [ 23C3A0680042C0D1DE1F360F8B62BC57 ] C:\Windows\System32\wlanext.exe
09:59:46.0429 1652 C:\Windows\System32\wlanext.exe - ok
09:59:46.0436 1652 [ 2A6A2C09ECC2CB495628E45F1379ECE8 ] C:\Windows\System32\taskcomp.dll
09:59:46.0436 1652 C:\Windows\System32\taskcomp.dll - ok
09:59:46.0441 1652 [ 73FE2E5FA55088A241AA2732F5D387D6 ] C:\Windows\System32\wiarpc.dll
09:59:46.0441 1652 C:\Windows\System32\wiarpc.dll - ok
09:59:46.0446 1652 [ F870AA3E254628EBEAFE754108D664DE ] C:\Windows\System32\drivers\http.sys
09:59:46.0446 1652 C:\Windows\System32\drivers\http.sys - ok
09:59:46.0453 1652 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] C:\Windows\System32\drivers\fltMgr.sys
09:59:46.0453 1652 C:\Windows\System32\drivers\fltMgr.sys - ok
09:59:46.0458 1652 [ 57418956DDAE128D1023C508E7D07071 ] C:\Windows\System32\PSHED.DLL
09:59:46.0458 1652 C:\Windows\System32\PSHED.DLL - ok
09:59:46.0463 1652 [ 73744884331EC83DA4903563170D4C87 ] C:\Windows\System32\iwmssvc.dll
09:59:46.0463 1652 C:\Windows\System32\iwmssvc.dll - ok
09:59:46.0469 1652 [ 17C0E094BEE5BC03CF491972F71AA6EF ] C:\Windows\System32\wlanapi.dll
09:59:46.0469 1652 C:\Windows\System32\wlanapi.dll - ok
09:59:46.0474 1652 [ E79FDA8D320147FDC347C504B3487F87 ] C:\Windows\System32\spoolss.dll
09:59:46.0474 1652 C:\Windows\System32\spoolss.dll - ok
09:59:46.0479 1652 [ C56EE8C650CBB70A20A3B2E3DF3FE996 ] C:\Program Files\Common Files\Intel\WirelessCommon\libeay32.dll
09:59:46.0480 1652 C:\Program Files\Common Files\Intel\WirelessCommon\libeay32.dll - ok
09:59:46.0486 1652 [ 7605C0E1D01A08F3ECD743F38B834A44 ] C:\Windows\System32\drivers\srvnet.sys
09:59:46.0486 1652 C:\Windows\System32\drivers\srvnet.sys - ok
09:59:46.0492 1652 [ E582816A4855914DEFFC212E12B3B744 ] C:\Windows\System32\wsock32.dll
09:59:46.0492 1652 C:\Windows\System32\wsock32.dll - ok
09:59:46.0497 1652 [ F4A25C9AC9871517583C9ABCC9875120 ] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
09:59:46.0497 1652 C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll - ok
09:59:46.0504 1652 [ B0D12F4344EB2AE96E487D2DF6F74413 ] C:\Windows\System32\FWPUCLNT.DLL
09:59:46.0504 1652 C:\Windows\System32\FWPUCLNT.DLL - ok
09:59:46.0509 1652 [ 7ECD5FC8A9DECA9FF2AEC0E5017E0ED5 ] C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.dll
09:59:46.0509 1652 C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.dll - ok
09:59:46.0515 1652 [ 998477DE2D9A16098316A72A56683942 ] C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\ccxplugin.dll
09:59:46.0515 1652 C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\ccxplugin.dll - ok
09:59:46.0522 1652 [ 5CAAE5333EF36DB4A8D294418AB37E80 ] C:\Windows\System32\p2pcollab.dll
09:59:46.0522 1652 C:\Windows\System32\p2pcollab.dll - ok
09:59:46.0527 1652 [ 35F376253F687BDE63976CCB3F2108CA ] C:\Windows\System32\drivers\bowser.sys
09:59:46.0527 1652 C:\Windows\System32\drivers\bowser.sys - ok
09:59:46.0535 1652 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] C:\Windows\System32\drivers\mpsdrv.sys
09:59:46.0536 1652 C:\Windows\System32\drivers\mpsdrv.sys - ok
09:59:46.0539 1652 [ 82CEA0395524AACFEB58BA1448E8325C ] C:\Windows\System32\drivers\mrxdav.sys
09:59:46.0539 1652 C:\Windows\System32\drivers\mrxdav.sys - ok
09:59:46.0544 1652 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] C:\Windows\System32\drivers\mrxsmb.sys
09:59:46.0544 1652 C:\Windows\System32\drivers\mrxsmb.sys - ok
09:59:46.0552 1652 [ 5DE62C6E9108F14F6794060A9BDECAEC ] C:\Windows\System32\MPSSVC.dll
09:59:46.0552 1652 C:\Windows\System32\MPSSVC.dll - ok
09:59:46.0556 1652 [ 0745D6EAD386710110817FBEC03F5161 ] C:\Windows\System32\wfapigp.dll
09:59:46.0556 1652 C:\Windows\System32\wfapigp.dll - ok
09:59:46.0561 1652 [ 9C9388C22E6C1367E1513926EF51EFF7 ] C:\Program Files\Common Files\System\ado\msado15.dll
09:59:46.0561 1652 C:\Program Files\Common Files\System\ado\msado15.dll - ok
09:59:46.0569 1652 [ 554ED6988E44FDF18941429E8B2CB652 ] C:\Windows\System32\msdart.dll
09:59:46.0569 1652 C:\Windows\System32\msdart.dll - ok
09:59:46.0573 1652 [ 951F36219C7384C6ED6C9F44D45C5235 ] C:\Program Files\Common Files\System\Ole DB\oledb32.dll
09:59:46.0573 1652 C:\Program Files\Common Files\System\Ole DB\oledb32.dll - ok
09:59:46.0579 1652 [ 892125B60BA6C2A66F485A89C4A6B918 ] C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
09:59:46.0579 1652 C:\Program Files\Common Files\System\Ole DB\oledb32r.dll - ok
09:59:46.0585 1652 [ 95A5497D129D95D12A46F7848AFFE1DB ] C:\Windows\System32\comsvcs.dll
09:59:46.0585 1652 C:\Windows\System32\comsvcs.dll - ok
09:59:46.0591 1652 [ 2B13E9849ACC136E65AAE5ACC6A89826 ] C:\Program Files\Common Files\System\Ole DB\msdasql.dll
09:59:46.0591 1652 C:\Program Files\Common Files\System\Ole DB\msdasql.dll - ok
09:59:46.0596 1652 [ C3D821190C04C6782B65CDF00896A7B0 ] C:\Program Files\Common Files\System\Ole DB\msdatl3.dll
09:59:46.0597 1652 C:\Program Files\Common Files\System\Ole DB\msdatl3.dll - ok
09:59:46.0603 1652 [ 4FCCB34D793B116423209C0F8B7A3B03 ] C:\Windows\System32\drivers\mrxsmb10.sys
09:59:46.0603 1652 C:\Windows\System32\drivers\mrxsmb10.sys - ok
09:59:46.0606 1652 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] C:\Windows\System32\drivers\mrxsmb20.sys
09:59:46.0606 1652 C:\Windows\System32\drivers\mrxsmb20.sys - ok
09:59:46.0612 1652 [ FF33AFF99564B1AA534F58868CBE41EF ] C:\Windows\System32\drivers\srv2.sys
09:59:46.0612 1652 C:\Windows\System32\drivers\srv2.sys - ok
09:59:46.0618 1652 [ 41987F9FC0E61ADF54F581E15029AD91 ] C:\Windows\System32\drivers\srv.sys
09:59:46.0618 1652 C:\Windows\System32\drivers\srv.sys - ok
09:59:46.0624 1652 [ 862363973DCBCC31DD161EF41A69153C ] C:\Windows\System32\odbc32.dll
09:59:46.0624 1652 C:\Windows\System32\odbc32.dll - ok
09:59:46.0629 1652 [ FC5372FD2DEB28E847C8394C58BC76FA ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
09:59:46.0629 1652 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
09:59:46.0636 1652 [ 0DAAF8032546D1B4543D7B101B53FD6C ] C:\Windows\System32\odbcint.dll
09:59:46.0636 1652 C:\Windows\System32\odbcint.dll - ok
09:59:46.0641 1652 [ A0F4852A5DB9754BEC06F84B400AE743 ] C:\Windows\System32\wscapi.dll
09:59:46.0641 1652 C:\Windows\System32\wscapi.dll - ok
09:59:46.0646 1652 [ 3E2F2CD837734A0577C9E392D7E73886 ] C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll
09:59:46.0647 1652 C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll - ok
09:59:46.0653 1652 [ A324D72A06C110152E7607745F39BFA1 ] C:\Windows\System32\netmsg.dll
09:59:46.0653 1652 C:\Windows\System32\netmsg.dll - ok
09:59:46.0658 1652 [ 452341E471D2D961229DFE0842957272 ] C:\Windows\System32\sscore.dll
09:59:46.0658 1652 C:\Windows\System32\sscore.dll - ok
09:59:46.0663 1652 [ D333058925CE305E39DE8D5AD2B52A46 ] C:\Windows\System32\clusapi.dll
09:59:46.0663 1652 C:\Windows\System32\clusapi.dll - ok
09:59:46.0670 1652 [ AA9AF23BD99F81784AF0C8F1EF4702AD ] C:\Windows\System32\odbcjt32.dll
09:59:46.0670 1652 C:\Windows\System32\odbcjt32.dll - ok
09:59:46.0674 1652 [ 7CE1E4240F9FA41EE85683B9EEAB8767 ] C:\Windows\System32\msjet40.dll
09:59:46.0674 1652 C:\Windows\System32\msjet40.dll - ok
09:59:46.0680 1652 [ 6468C3FF6D0C7874FA8C619AF3E23B22 ] C:\Windows\System32\activeds.dll
09:59:46.0680 1652 C:\Windows\System32\activeds.dll - ok
09:59:46.0686 1652 [ E0B787702BAF0CF4CEDF8F61B71F8383 ] C:\Windows\System32\mswstr10.dll
09:59:46.0686 1652 C:\Windows\System32\mswstr10.dll - ok
09:59:46.0691 1652 [ DA5599911D138F6A2B471B3A60478022 ] C:\Windows\System32\odbcji32.dll
09:59:46.0691 1652 C:\Windows\System32\odbcji32.dll - ok
09:59:46.0696 1652 [ 534FD777CB2684392411CE7BCBBDF78E ] C:\Windows\System32\msjter40.dll
09:59:46.0696 1652 C:\Windows\System32\msjter40.dll - ok
09:59:46.0703 1652 [ 9371540C7231BC156501AB933F269762 ] C:\Windows\System32\msjint40.dll
09:59:46.0703 1652 C:\Windows\System32\msjint40.dll - ok
09:59:46.0708 1652 [ E9B9C1B98C8D6D48407E1C1203EAC659 ] C:\Windows\System32\adsldpc.dll
09:59:46.0708 1652 C:\Windows\System32\adsldpc.dll - ok
09:59:46.0713 1652 [ A1B46928E107D770053E6B4D248298A5 ] C:\Windows\System32\odbccp32.dll
09:59:46.0713 1652 C:\Windows\System32\odbccp32.dll - ok
09:59:46.0718 1652 [ D4DAA80B44A6C904D87A79CCD10FF911 ] C:\Program Files\Common Files\System\msadc\msadce.dll
09:59:46.0718 1652 C:\Program Files\Common Files\System\msadc\msadce.dll - ok
09:59:46.0724 1652 [ 9E064B07B1625BFF18393917519A73CD ] C:\Program Files\Common Files\System\msadc\msadcer.dll
09:59:46.0724 1652 C:\Program Files\Common Files\System\msadc\msadcer.dll - ok
09:59:46.0729 1652 [ 93E317D7AD783D8EAEE2E3500BFE889D ] C:\Windows\System32\credui.dll
09:59:46.0729 1652 C:\Windows\System32\credui.dll - ok
09:59:46.0735 1652 [ B9F3FF52B84FD9E3CAFB29B8EE385E5B ] C:\Windows\System32\resutils.dll
09:59:46.0735 1652 C:\Windows\System32\resutils.dll - ok
09:59:46.0741 1652 [ 3B47E60E1012B23873ED2E4A9B4F2310 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
09:59:46.0741 1652 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
09:59:46.0746 1652 [ DA887F28054D78EE8637BEBB924A2DB5 ] C:\Windows\System32\slwga.dll
09:59:46.0747 1652 C:\Windows\System32\slwga.dll - ok
09:59:46.0753 1652 [ 0FA9B5055484649D63C303FE404E5F4D ] C:\Windows\System32\drivers\parport.sys
09:59:46.0753 1652 C:\Windows\System32\drivers\parport.sys - ok
09:59:46.0758 1652 [ B9B98E08EC127900025F42462D3D0A66 ] C:\Program Files\Common Files\Akamai\netsession_win_ce5ba24.dll
09:59:46.0759 1652 C:\Program Files\Common Files\Akamai\netsession_win_ce5ba24.dll - ok
09:59:46.0764 1652 [ 6163664C7E9CD110AF70180C126C3FDC ] C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
09:59:46.0764 1652 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe - ok
09:59:46.0771 1652 [ B6C870EE321AA8678198EA003DCFBB02 ] C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
09:59:46.0771 1652 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe - ok
09:59:46.0777 1652 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
09:59:46.0777 1652 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe - ok
09:59:46.0782 1652 [ 476484BEF56043343081EB01F890562C ] C:\Program Files\WIDCOMM\Bluetooth Software\btins.dll
09:59:46.0782 1652 C:\Program Files\WIDCOMM\Bluetooth Software\btins.dll - ok
09:59:46.0789 1652 [ 58C9FA743B5E9D8322B2354DD33F37B4 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
09:59:46.0789 1652 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll - ok
09:59:46.0795 1652 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\msvcp71.dll
09:59:46.0795 1652 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\msvcp71.dll - ok
09:59:46.0800 1652 [ 401DFFDBBBD3F07C747ED1AE2BB88106 ] C:\Windows\System32\msi.dll
09:59:46.0800 1652 C:\Windows\System32\msi.dll - ok
09:59:46.0806 1652 [ 295363D4317820AED0D527E15B90A8ED ] C:\Windows\System32\pdh.dll
09:59:46.0806 1652 C:\Windows\System32\pdh.dll - ok
09:59:46.0811 1652 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\msvcr71.dll
09:59:46.0811 1652 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\msvcr71.dll - ok
09:59:46.0816 1652 [ 887CE6170909F28A7E895C7E102C4C14 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Locator.dll
09:59:46.0816 1652 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Locator.dll - ok
09:59:46.0823 1652 [ C411C80F90D6732380352B98B37BBD53 ] C:\Windows\System32\winrnr.dll
09:59:46.0823 1652 C:\Windows\System32\winrnr.dll - ok
09:59:46.0828 1652 [ EFA80360111D8D179E39E314A49C9ED4 ] C:\Windows\System32\wshbth.dll
09:59:46.0828 1652 C:\Windows\System32\wshbth.dll - ok
09:59:46.0833 1652 [ 17FC3EDA0162F513E858B8C8FA7FA6E0 ] C:\Windows\System32\vssapi.dll
09:59:46.0833 1652 C:\Windows\System32\vssapi.dll - ok
09:59:46.0839 1652 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
09:59:46.0839 1652 C:\Program Files\Bonjour\mdnsNSP.dll - ok
09:59:46.0844 1652 [ E7D0F91E44D9D3B2116FA549BDCDB756 ] C:\Windows\System32\wdscore.dll
09:59:46.0844 1652 C:\Windows\System32\wdscore.dll - ok
09:59:46.0849 1652 [ A51FD9DF23720485991F56741BBEFCFB ] C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
09:59:46.0849 1652 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe - ok
09:59:46.0855 1652 [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\System32\mscoree.dll
09:59:46.0856 1652 C:\Windows\System32\mscoree.dll - ok
09:59:46.0861 1652 [ 52E129522C1775DBB8CC252E7A0655C7 ] C:\Windows\System32\taskschd.dll
09:59:46.0861 1652 C:\Windows\System32\taskschd.dll - ok
09:59:46.0866 1652 [ EEC1FFA99A0FEC839DEB1066F91240C8 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Listor.dll
09:59:46.0866 1652 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Listor.dll - ok
09:59:46.0873 1652 [ 3078D275203445E68E0F403E44075FA0 ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
09:59:46.0873 1652 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll - ok
09:59:46.0878 1652 [ C3A1723504CB8ADBE3854BCA9D63C41B ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
09:59:46.0879 1652 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll - ok
09:59:46.0884 1652 [ DC3AE9F1554DCD97F90983DDBDACD83D ] C:\Windows\System32\vsstrace.dll
09:59:46.0884 1652 C:\Windows\System32\vsstrace.dll - ok
09:59:46.0890 1652 [ 09469B8EDD2755143FDA06867AAD7E73 ] C:\Windows\System32\cryptnet.dll
09:59:46.0890 1652 C:\Windows\System32\cryptnet.dll - ok
09:59:46.0895 1652 [ EC760B0B76A4353DE49D66520EB2141F ] C:\Windows\System32\SensApi.dll
09:59:46.0895 1652 C:\Windows\System32\SensApi.dll - ok
09:59:46.0900 1652 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
09:59:46.0901 1652 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
09:59:46.0907 1652 [ 1A09CB187440993FA5E24DE1EEB7B916 ] C:\Windows\System32\cfgmgr32.dll
09:59:46.0907 1652 C:\Windows\System32\cfgmgr32.dll - ok
09:59:46.0912 1652 [ 1462DB81F8D7F08D93F9A4730999DFEF ] C:\Program Files\WIDCOMM\Bluetooth Software\btwprofpack.dll
09:59:46.0913 1652 C:\Program Files\WIDCOMM\Bluetooth Software\btwprofpack.dll - ok
09:59:46.0921 1652 [ 4E289C24E5BEB5FF9CF5B118AB96FDB0 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
09:59:46.0921 1652 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
09:59:46.0925 1652 [ B0D16BC319E37E875C4B491460807051 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
09:59:46.0925 1652 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll - ok
09:59:46.0930 1652 [ 0A990AFB9F2726323D61C8ECB8B70B17 ] C:\Windows\System32\security.dll
09:59:46.0930 1652 C:\Windows\System32\security.dll - ok
09:59:46.0936 1652 [ A7D525E5C0D91C8C1D84C6BCD25AD77D ] C:\Windows\System32\rasadhlp.dll
09:59:46.0936 1652 C:\Windows\System32\rasadhlp.dll - ok
09:59:46.0942 1652 [ A8E2F76F136A0E664B68A48028D4AF93 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
09:59:46.0942 1652 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
09:59:46.0947 1652 [ 92D1B7E3981A24B8F3093CE42AB31C68 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
09:59:46.0947 1652 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll - ok
09:59:48.0152 1652 C:\Windows\System32\HotStartUserAgent.dll - ok
09:59:48.0158 1652 [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\Windows\explorer.exe
09:59:48.0158 1652 C:\Windows\explorer.exe - ok
09:59:48.0164 1652 [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\Windows\System32\PlaySndSrv.dll
09:59:48.0164 1652 C:\Windows\System32\PlaySndSrv.dll - ok
09:59:48.0169 1652 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
09:59:48.0169 1652 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
09:59:48.0174 1652 [ F5ECEAF5132D00B3DA565DBDD14E430F ] C:\Windows\System32\igdumdx32.dll
09:59:48.0174 1652 C:\Windows\System32\igdumdx32.dll - ok
09:59:48.0180 1652 [ F58E87DE0F2855BAE62EED30D306358D ] C:\Windows\System32\igdumd32.dll
09:59:48.0181 1652 C:\Windows\System32\igdumd32.dll - ok
09:59:48.0185 1652 [ 7A623F6B4C51F6F2BC1A31D5787FC0A7 ] C:\Windows\System32\uDWM.dll
09:59:48.0185 1652 C:\Windows\System32\uDWM.dll - ok
09:59:48.0190 1652 [ 43E1054C713C48D252A1826C5E14AACA ] C:\Windows\System32\MsCtfMonitor.dll
09:59:48.0191 1652 C:\Windows\System32\MsCtfMonitor.dll - ok
09:59:48.0197 1652 [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\Windows\System32\msutb.dll
09:59:48.0197 1652 C:\Windows\System32\msutb.dll - ok
09:59:48.0202 1652 [ BC83108B18756547013ED443B8CDB31B ] C:\Windows\System32\msvcp100.dll
09:59:48.0202 1652 C:\Windows\System32\msvcp100.dll - ok
09:59:48.0207 1652 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
09:59:48.0207 1652 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
09:59:48.0214 1652 [ 8F9D6B4AB86A39319078814ABBDD40BC ] C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
09:59:48.0214 1652 C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
09:59:48.0219 1652 [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\Windows\System32\TMM.dll
09:59:48.0219 1652 C:\Windows\System32\TMM.dll - ok
09:59:48.0224 1652 [ D301241AA340E88C4999EFD61AF377BB ] C:\Windows\System32\igfxTMM.dll
09:59:48.0224 1652 C:\Windows\System32\igfxTMM.dll - ok
09:59:48.0230 1652 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\System32\shdocvw.dll
09:59:48.0230 1652 C:\Windows\System32\shdocvw.dll - ok
09:59:48.0236 1652 [ 4504819D18FAC09B6108D8728467E5B2 ] C:\Windows\System32\browseui.dll
09:59:48.0236 1652 C:\Windows\System32\browseui.dll - ok
09:59:48.0241 1652 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll
09:59:48.0241 1652 C:\Windows\System32\mstask.dll - ok
09:59:48.0247 1652 [ E4024CCF225A936207294DE50925D4F6 ] C:\Program Files\Google\Update\1.3.21.123\goopdateres_en.dll
09:59:48.0247 1652 C:\Program Files\Google\Update\1.3.21.123\goopdateres_en.dll - ok
09:59:48.0252 1652 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll
09:59:48.0253 1652 C:\Windows\System32\actxprxy.dll - ok
09:59:48.0258 1652 [ 6D74290856347CF8682277A54B433D4B ] C:\Users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
09:59:48.0258 1652 C:\Users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll - ok
09:59:48.0265 1652 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Users\Niamh\AppData\Roaming\Dropbox\bin\msvcp71.dll
09:59:48.0265 1652 C:\Users\Niamh\AppData\Roaming\Dropbox\bin\msvcp71.dll - ok
09:59:48.0270 1652 [ 8078F8F8F7A79E2E6B494523A828C585 ] C:\Windows\System32\msdtckrm.dll
09:59:48.0270 1652 C:\Windows\System32\msdtckrm.dll - ok
09:59:48.0276 1652 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Users\Niamh\AppData\Roaming\Dropbox\bin\msvcr71.dll
09:59:48.0276 1652 C:\Users\Niamh\AppData\Roaming\Dropbox\bin\msvcr71.dll - ok
09:59:48.0281 1652 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll
09:59:48.0281 1652 C:\Windows\System32\EhStorShell.dll - ok
09:59:48.0287 1652 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll
09:59:48.0287 1652 C:\Windows\System32\imageres.dll - ok
09:59:48.0292 1652 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll
09:59:48.0292 1652 C:\Windows\System32\IconCodecService.dll - ok
09:59:48.0298 1652 [ 47188B0092466FD476E23DEA70CC1D4F ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
09:59:48.0298 1652 C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
09:59:48.0303 1652 [ 07F649CD36F266BBE33B814FA678AA43 ] C:\Windows\System32\mshtml.dll
09:59:48.0303 1652 C:\Windows\System32\mshtml.dll - ok
09:59:48.0309 1652 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe
09:59:48.0309 1652 C:\Windows\System32\runonce.exe - ok
09:59:48.0315 1652 [ 6080A176D09435FC8E6E800996656E18 ] C:\Windows\System32\conime.exe
09:59:48.0315 1652 C:\Windows\System32\conime.exe - ok
09:59:48.0320 1652 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Niamh\AppData\Local\temp\00777399-8A5E-41AA-841D-114FF46D02B4.exe
09:59:48.0320 1652 C:\Users\Niamh\AppData\Local\temp\00777399-8A5E-41AA-841D-114FF46D02B4.exe - ok
09:59:48.0325 1652 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll
09:59:48.0325 1652 C:\Windows\System32\sfc_os.dll - ok
09:59:48.0331 1652 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
09:59:48.0331 1652 C:\Windows\System32\ie4uinit.exe - ok
09:59:48.0336 1652 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
09:59:48.0336 1652 C:\Windows\System32\iedkcs32.dll - ok
09:59:48.0342 1652 [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl
09:59:48.0342 1652 C:\Windows\System32\timedate.cpl - ok
09:59:48.0348 1652 [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\Windows\System32\QAGENT.DLL
09:59:48.0348 1652 C:\Windows\System32\QAGENT.DLL - ok
09:59:48.0353 1652 [ 178F99594E8968FDD7E441C2D504D108 ] C:\Program Files\iTunes\iTunesMiniPlayer.dll
09:59:48.0353 1652 C:\Program Files\iTunes\iTunesMiniPlayer.dll - ok
09:59:48.0359 1652 [ 097E968857C828064DF347C8E8D0248D ] C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
09:59:48.0359 1652 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll - ok
09:59:48.0366 1652 [ BB98C0DE52DA3A87100E9486D026215F ] C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
09:59:48.0366 1652 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll - ok
09:59:48.0369 1652 [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\Windows\System32\msshsq.dll
09:59:48.0369 1652 C:\Windows\System32\msshsq.dll - ok
09:59:48.0374 1652 [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\Windows\System32\NaturalLanguage6.dll
09:59:48.0374 1652 C:\Windows\System32\NaturalLanguage6.dll - ok
09:59:48.0380 1652 [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\Windows\System32\NlsData0009.dll
09:59:48.0380 1652 C:\Windows\System32\NlsData0009.dll - ok
09:59:48.0385 1652 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\43050240.sys
09:59:48.0385 1652 C:\Windows\System32\drivers\43050240.sys - ok
09:59:48.0390 1652 [ 8629B71343F61E1140243581C63BC0C7 ] C:\Windows\System32\NlsLexicons0009.dll
09:59:48.0390 1652 C:\Windows\System32\NlsLexicons0009.dll - ok
09:59:48.0397 1652 [ 24F90AEFEBE601D427CB4511E74CDCB6 ] C:\Windows\System32\linkinfo.dll
09:59:48.0397 1652 C:\Windows\System32\linkinfo.dll - ok
09:59:48.0402 1652 [ 04044BF8E6989BE45FA718C24407CA28 ] C:\Windows\System32\networkexplorer.dll
09:59:48.0402 1652 C:\Windows\System32\networkexplorer.dll - ok
09:59:48.0407 1652 [ 3EB6D30D82F0E300FCFBAD0498F654FD ] C:\Windows\System32\mlang.dll
09:59:48.0407 1652 C:\Windows\System32\mlang.dll - ok
09:59:48.0414 1652 [ 86171114D84AFBD3DFCE930E320C1BBF ] C:\Windows\RtHDVCpl.exe
09:59:48.0414 1652 C:\Windows\RtHDVCpl.exe - ok
09:59:48.0419 1652 [ 61216539E55DDF2F78E421E7EF140650 ] C:\Windows\System32\ExplorerFrame.dll
09:59:48.0419 1652 C:\Windows\System32\ExplorerFrame.dll - ok
09:59:48.0424 1652 [ E6DD15E668DAF0A02470CF551B0A0105 ] C:\Program Files\Windows Live\Messenger\msgslang.dll
09:59:48.0424 1652 C:\Program Files\Windows Live\Messenger\msgslang.dll - ok
09:59:48.0431 1652 [ 2F2DF068BED6E62E4C007DF7446B4F19 ] C:\Windows\PLFSetI.exe
09:59:48.0431 1652 C:\Windows\PLFSetI.exe - ok
09:59:48.0436 1652 [ A944A73CEC5921B871542FE5CC5E03E4 ] C:\Windows\System32\olepro32.dll
09:59:48.0436 1652 C:\Windows\System32\olepro32.dll - ok
09:59:48.0441 1652 [ 50BBDDB90F4410236B0682B794C5E1DF ] C:\Program Files\Apoint2K\Apoint.exe
09:59:48.0441 1652 C:\Program Files\Apoint2K\Apoint.exe - ok
09:59:48.0448 1652 [ 6950BBCEB21F9C3CB3B52E90960109C3 ] C:\Windows\System32\devenum.dll
09:59:48.0448 1652 C:\Windows\System32\devenum.dll - ok
09:59:48.0454 1652 [ D86CD399F2CC9FAD4AB5C430C8C35F7A ] C:\Program Files\Apoint2K\ApResUS.dll
09:59:48.0454 1652 C:\Program Files\Apoint2K\ApResUS.dll - ok
09:59:48.0459 1652 [ 9AE28CA20BBA2534A1BB011A96753B17 ] C:\Program Files\Launch Manager\LManager.exe
09:59:48.0459 1652 C:\Program Files\Launch Manager\LManager.exe - ok
09:59:48.0465 1652 [ B8AEFF80ABD57E6ABC6A46EAC7F4515F ] C:\Windows\System32\msdmo.dll
09:59:48.0465 1652 C:\Windows\System32\msdmo.dll - ok
09:59:48.0471 1652 [ 928C90E02E05244D2290C1551DF732C8 ] C:\Windows\System32\avicap32.dll
09:59:48.0471 1652 C:\Windows\System32\avicap32.dll - ok
09:59:48.0476 1652 [ 4C983668580F714413C8ABF42AC0202B ] C:\Windows\System32\Vxdif.dll
09:59:48.0476 1652 C:\Windows\System32\Vxdif.dll - ok
09:59:48.0482 1652 [ D37B71205FFCFAD191FBB70C914AABF9 ] C:\Program Files\Apoint2K\Apoint.dll
09:59:48.0482 1652 C:\Program Files\Apoint2K\Apoint.dll - ok
09:59:48.0487 1652 [ 027E5E14C9CFF810377701BDEAD8210F ] C:\Windows\System32\control.exe
09:59:48.0487 1652 C:\Windows\System32\control.exe - ok
09:59:48.0492 1652 [ 5016B8FC59AD616F03813FBE63295081 ] C:\Windows\System32\thumbcache.dll
09:59:48.0492 1652 C:\Windows\System32\thumbcache.dll - ok
09:59:48.0498 1652 [ EACACA0F2FF4CC54A909E3C5721FCDE8 ] C:\Windows\System32\msvfw32.dll
09:59:48.0498 1652 C:\Windows\System32\msvfw32.dll - ok
09:59:48.0503 1652 [ 65C092EF598DCCA1D665D52F06829512 ] C:\Windows\System32\vfwwdm32.dll
09:59:48.0503 1652 C:\Windows\System32\vfwwdm32.dll - ok
09:59:48.0508 1652 [ 861797D3C83A6EBA05FB2C63B1A45E82 ] C:\Windows\System32\ksproxy.ax
09:59:48.0508 1652 C:\Windows\System32\ksproxy.ax - ok
09:59:48.0514 1652 [ 81B43F7E896D65CFA3D5F1B640C88F12 ] C:\Program Files\Apoint2K\EzAuto.dll
09:59:48.0514 1652 C:\Program Files\Apoint2K\EzAuto.dll - ok
09:59:48.0519 1652 [ 7E1B0C85B7347D9391FE60F6DADFDDF0 ] C:\Program Files\Microsoft Security Client\msseces.exe
09:59:48.0519 1652 C:\Program Files\Microsoft Security Client\msseces.exe - ok
09:59:48.0525 1652 [ 012E22681A63D2BF405E6F15EF80BFD3 ] C:\Windows\System32\vidcap.ax
09:59:48.0525 1652 C:\Windows\System32\vidcap.ax - ok
09:59:48.0531 1652 [ FD44B4D9129EDD68BBD0A26683024EF9 ] C:\Windows\System32\Kswdmcap.ax
09:59:48.0531 1652 C:\Windows\System32\Kswdmcap.ax - ok
09:59:48.0536 1652 [ EF24642D5FB52A1EEF56DE9E47CBB993 ] C:\Windows\System32\mfc42.dll
09:59:48.0536 1652 C:\Windows\System32\mfc42.dll - ok
09:59:48.0541 1652 [ 84B8827562B005C118CADBA0F25DB2C6 ] C:\Windows\System32\dsound.dll
09:59:48.0541 1652 C:\Windows\System32\dsound.dll - ok
09:59:48.0548 1652 [ 648AB74D9C104FB500B6C4EEDC6A8772 ] C:\Windows\System32\wmpmde.dll
09:59:48.0548 1652 C:\Windows\System32\wmpmde.dll - ok
09:59:48.0552 1652 [ 67D16247C56C26A4F0D79D1A7F272B8F ] C:\Windows\System32\mf.dll
09:59:48.0552 1652 C:\Windows\System32\mf.dll - ok
09:59:48.0557 1652 [ 2495C4204C63678F8FD5D488CA7DAD26 ] C:\Windows\System32\evr.dll
09:59:48.0557 1652 C:\Windows\System32\evr.dll - ok
09:59:48.0565 1652 [ 4DF10CE50010D70152944B51E03588B0 ] C:\Windows\System32\wmdrmsdk.dll
09:59:48.0565 1652 C:\Windows\System32\wmdrmsdk.dll - ok
09:59:48.0569 1652 [ EFD278F8129EE12F1D4AE0250494B791 ] C:\Windows\System32\dxva2.dll
09:59:48.0569 1652 C:\Windows\System32\dxva2.dll - ok
09:59:48.0574 1652 [ 3192ED5E2FFDF5B630541B9643AE1AA3 ] C:\Windows\System32\upnp.dll
09:59:48.0574 1652 C:\Windows\System32\upnp.dll - ok
09:59:48.0581 1652 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\Windows\System32\riched20.dll
09:59:48.0581 1652 C:\Windows\System32\riched20.dll - ok
09:59:48.0585 1652 [ 5E41139EC6EFBCAFFD96D46925E544AB ] C:\Windows\System32\mspatcha.dll
09:59:48.0586 1652 C:\Windows\System32\mspatcha.dll - ok
09:59:48.0591 1652 [ 015E99A7634B93E8BB0380C70F3D2CC3 ] C:\Windows\System32\wmp.dll
09:59:48.0591 1652 C:\Windows\System32\wmp.dll - ok
09:59:48.0598 1652 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll
09:59:48.0598 1652 C:\Windows\System32\wuapi.dll - ok
09:59:48.0603 1652 [ E44C7D6F8D665DA2D9385E5E15EDEEF7 ] C:\Windows\System32\consent.exe
09:59:48.0603 1652 C:\Windows\System32\consent.exe - ok
09:59:48.0608 1652 [ 790222D6CCFC576F0D07D418E6115D85 ] C:\Program Files\Windows Calendar\WinCal.exe
09:59:48.0608 1652 C:\Program Files\Windows Calendar\WinCal.exe - ok
09:59:48.0616 1652 [ 9441A231C0AA0712F7CF3B10D9CFCF76 ] C:\Windows\System32\wmploc.DLL
09:59:48.0616 1652 C:\Windows\System32\wmploc.DLL - ok
09:59:48.0619 1652 [ EB0AD0BBAB987A31AE6478D576403445 ] C:\Program Files\Apoint2K\ApMsgFwd.exe
09:59:48.0619 1652 C:\Program Files\Apoint2K\ApMsgFwd.exe - ok
09:59:48.0625 1652 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\Windows\System32\wups.dll
09:59:48.0625 1652 C:\Windows\System32\wups.dll - ok
09:59:48.0631 1652 [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe
09:59:48.0631 1652 C:\Program Files\Windows Mail\wab.exe - ok
09:59:48.0637 1652 [ 617F9A5813E69F6E9ED94B811EC75396 ] C:\Windows\System32\wmpps.dll
09:59:48.0637 1652 C:\Windows\System32\wmpps.dll - ok
09:59:48.0642 1652 [ F1ECEC53B9FFC30E123D14E087C49111 ] C:\Windows\System32\wmdrmdev.dll
09:59:48.0642 1652 C:\Windows\System32\wmdrmdev.dll - ok
09:59:48.0648 1652 [ 7C7C620860819A62F926D7EC0B72C50B ] C:\Windows\System32\drmv2clt.dll
09:59:48.0648 1652 C:\Windows\System32\drmv2clt.dll - ok
09:59:48.0654 1652 [ 395335431AD55C167CFDBBAB8420DA73 ] C:\Program Files\Movie Maker\DVDMaker.exe
09:59:48.0654 1652 C:\Program Files\Movie Maker\DVDMaker.exe - ok
09:59:48.0659 1652 [ 02F0BE91B0F2B1C30F6F48334F47D625 ] C:\Windows\System32\blackbox.dll
09:59:48.0659 1652 C:\Windows\System32\blackbox.dll - ok
09:59:48.0665 1652 [ D571295B71C60A67F6F2EA987E5CC3B0 ] C:\Windows\System32\wmdrmnet.dll
09:59:48.0665 1652 C:\Windows\System32\wmdrmnet.dll - ok
09:59:48.0670 1652 [ BADC359C9A0D9C217B7E8DA17BF3F5BB ] C:\Windows\System32\ntshrui.dll
09:59:48.0670 1652 C:\Windows\System32\ntshrui.dll - ok
09:59:48.0675 1652 [ 24B1666FD14CC71C7B0679AC61625B90 ] C:\Program Files\Windows Live\Messenger\msnmsgr.exe
09:59:48.0676 1652 C:\Program Files\Windows Live\Messenger\msnmsgr.exe - ok
09:59:48.0682 1652 [ D0A95E567224B4C347CBDD6541E5D928 ] C:\Windows\System32\wscisvif.dll
09:59:48.0682 1652 C:\Windows\System32\wscisvif.dll - ok
09:59:48.0687 1652 [ B2994EC6452DBD04E57828EEFEDFB93C ] C:\Users\Niamh\AppData\Local\temp\RtkBtMnt.exe
09:59:48.0687 1652 C:\Users\Niamh\AppData\Local\temp\RtkBtMnt.exe - ok
09:59:48.0692 1652 [ FE3702015BE4D214808A2FBC07B8E5FF ] C:\Windows\System32\wscproxystub.dll
09:59:48.0692 1652 C:\Windows\System32\wscproxystub.dll - ok
09:59:48.0699 1652 [ B5950DF243837D8217F4E597919B224A ] C:\Windows\System32\stobject.dll
09:59:48.0699 1652 C:\Windows\System32\stobject.dll - ok
09:59:48.0704 1652 [ 2424231BBD703A677D115C29983B4293 ] C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
09:59:48.0704 1652 C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL - ok
09:59:48.0709 1652 [ EC69B16644C613F41A57169F8D068F1D ] C:\Windows\System32\batmeter.dll
09:59:48.0709 1652 C:\Windows\System32\batmeter.dll - ok
09:59:48.0715 1652 [ C2FB797884D9CC30AC0B5FB28146FE7A ] C:\Program Files\Windows Live\Messenger\uccapi.dll
09:59:48.0715 1652 C:\Program Files\Windows Live\Messenger\uccapi.dll - ok
09:59:48.0720 1652 [ 39D8EAA29CC2CC144E2B1214FA774F6A ] C:\Program Files\Windows Live\Messenger\vvpltfrm.dll
09:59:48.0720 1652 C:\Program Files\Windows Live\Messenger\vvpltfrm.dll - ok
09:59:48.0726 1652 [ 8EB5E95365AC5796E0C8175267D50744 ] C:\Program Files\Windows Live\Messenger\shareanything.dll
09:59:48.0726 1652 C:\Program Files\Windows Live\Messenger\shareanything.dll - ok
09:59:48.0732 1652 [ 30F02D9C55053367E26A11482F51E255 ] C:\Windows\System32\SndVolSSO.dll
09:59:48.0732 1652 C:\Windows\System32\SndVolSSO.dll - ok
09:59:48.0737 1652 [ 7B2E20CAE7730B2ADD47E09FD14F18C3 ] C:\Windows\System32\igfxdev.dll
09:59:48.0737 1652 C:\Windows\System32\igfxdev.dll - ok
09:59:48.0742 1652 [ DE7F813217EC88C0A6D4D8F2F39D7949 ] C:\Windows\System32\msiltcfg.dll
09:59:48.0742 1652 C:\Windows\System32\msiltcfg.dll - ok
09:59:48.0749 1652 [ AAAE543C535ED596ECAD2AB8761C2C6F ] C:\Windows\System32\dxgi.dll
09:59:48.0749 1652 C:\Windows\System32\dxgi.dll - ok
09:59:48.0754 1652 [ B7ED332A57FC78CA29E40D3619550225 ] C:\Windows\ehome\ehshell.exe
09:59:48.0754 1652 C:\Windows\ehome\ehshell.exe - ok
09:59:48.0759 1652 [ 313B30189557A2E2793F845DE0F0A4D5 ] C:\Windows\ehome\ehSSO.dll
09:59:48.0759 1652 C:\Windows\ehome\ehSSO.dll - ok
09:59:48.0768 1652 [ 75AD59B9B12EB194486BE8D97B062994 ] C:\Windows\System32\pnidui.dll
09:59:48.0768 1652 C:\Windows\System32\pnidui.dll - ok
09:59:48.0772 1652 [ C6FD3425B1ADD739B95DC4D661FF4DD3 ] C:\Windows\System32\PresentationSettings.exe
09:59:48.0772 1652 C:\Windows\System32\PresentationSettings.exe - ok
09:59:48.0777 1652 [ 5E350C463EE596321C79CF23ADA56E7A ] C:\Windows\System32\igfxsrvc.exe
09:59:48.0777 1652 C:\Windows\System32\igfxsrvc.exe - ok
09:59:48.0783 1652 [ 52BC119E49F88F2A5D1466230B1275C7 ] C:\Program Files\Windows Collaboration\WinCollab.exe
09:59:48.0783 1652 C:\Program Files\Windows Collaboration\WinCollab.exe - ok
09:59:48.0789 1652 [ 2DD6AF8E97F59C9D39329BBC2A81F13F ] C:\Windows\System32\rasdlg.dll
09:59:48.0812 1652 C:\Windows\System32\rasdlg.dll - ok
09:59:48.0815 1652 [ 7E6EA9CB72B5DE84A5D700BED877E5F9 ] C:\Program Files\Windows Mail\WinMail.exe
09:59:48.0815 1652 C:\Program Files\Windows Mail\WinMail.exe - ok
09:59:48.0820 1652 [ C4AB08459CD7B59B410ACFC04D90E87B ] C:\Program Files\Movie Maker\MOVIEMK.exe
09:59:48.0820 1652 C:\Program Files\Movie Maker\MOVIEMK.exe - ok
09:59:48.0826 1652 [ 2D821AFA5A1A9CA7F9F997A1AAD09E72 ] C:\Program Files\Windows Media Player\wmplayer.exe
09:59:48.0826 1652 C:\Program Files\Windows Media Player\wmplayer.exe - ok
09:59:48.0833 1652 [ C03AC1FBCD625F93D2C245D97E06F270 ] C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
09:59:48.0833 1652 C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe - ok
09:59:48.0837 1652 [ 35937EAD711207544E219C2A19A78A7D ] C:\Program Files\Windows Media Player\wmpnscfg.exe
09:59:48.0837 1652 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
09:59:48.0842 1652 [ 4A839160ED1963F9A1526DDA2D1233B2 ] C:\Windows\System32\AltTab.dll
09:59:48.0842 1652 C:\Windows\System32\AltTab.dll - ok
09:59:48.0848 1652 [ E47C854A28A81F2939F42CBE9FEA994C ] C:\Windows\System32\Magnify.exe
09:59:48.0848 1652 C:\Windows\System32\Magnify.exe - ok
09:59:48.0853 1652 [ 6B5C53E0932C510606D700B7A896EF73 ] C:\Windows\System32\WPDShServiceObj.dll
09:59:48.0853 1652 C:\Windows\System32\WPDShServiceObj.dll - ok
09:59:48.0858 1652 [ 069385484EA57B663D688894C88975C5 ] C:\Windows\System32\wuapp.exe
09:59:48.0858 1652 C:\Windows\System32\wuapp.exe - ok
09:59:48.0863 1652 [ 015BDEDB0FD52C38EDC4D69F2B4C4B61 ] C:\Program Files\WinZip\WINZIP32.EXE
09:59:48.0864 1652 C:\Program Files\WinZip\WINZIP32.EXE - ok
09:59:48.0867 1652 [ 27BB54357A51594D9F9B6257B5B9A879 ] C:\Windows\System32\Narrator.exe
09:59:48.0868 1652 C:\Windows\System32\Narrator.exe - ok
09:59:48.0873 1652 [ E945E118C021E1F51BC7C7FB7B7D6E48 ] C:\Program Files\WinZip\WZ32.DLL
09:59:48.0873 1652 C:\Program Files\WinZip\WZ32.DLL - ok
09:59:48.0878 1652 [ A6AD8988233FDAD170B251211084F820 ] C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll
09:59:48.0878 1652 C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll - ok
09:59:48.0885 1652 [ 877F2939794EBA4F3D1BB967007E99E8 ] C:\Windows\System32\osk.exe
09:59:48.0885 1652 C:\Windows\System32\osk.exe - ok
09:59:48.0890 1652 [ 744F08CF9ACFFB1C715191D04DEEE907 ] C:\Windows\System32\srchadmin.dll
09:59:48.0890 1652 C:\Windows\System32\srchadmin.dll - ok
09:59:48.0895 1652 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll
09:59:48.0895 1652 C:\Windows\System32\webcheck.dll - ok
09:59:48.0901 1652 [ 4ACEA0C4BB15ACE55E3AE5EC4E88DD55 ] C:\Windows\System32\SyncCenter.dll
09:59:48.0901 1652 C:\Windows\System32\SyncCenter.dll - ok
09:59:48.0907 1652 [ 0D286C0FE561D1A7EB30E83A0FF305B2 ] C:\Program Files\Internet Explorer\iexplore.exe
09:59:48.0907 1652 C:\Program Files\Internet Explorer\iexplore.exe - ok
09:59:48.0912 1652 [ 9B0726A03B790E5B82BED44D24009BEF ] C:\Windows\System32\imapi2.dll
09:59:48.0912 1652 C:\Windows\System32\imapi2.dll - ok
09:59:48.0918 1652 [ F35706F1D2567A03495C4F183A82FC2E ] C:\Users\Niamh\AppData\Local\Bonusprint\apc.exe
09:59:48.0918 1652 C:\Users\Niamh\AppData\Local\Bonusprint\apc.exe - ok
09:59:48.0924 1652 [ 6E886BFFAF8262220A6D9935809DED36 ] C:\Users\Niamh\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusPrefs.exe
09:59:48.0924 1652 C:\Users\Niamh\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusPrefs.exe - ok
09:59:48.0929 1652 [ F59AA2022EB7DDE457221E05B22FA829 ] C:\Users\Niamh\AppData\Local\Yahoo!\BrowserPlus\BrowserPlusUninstaller.exe
09:59:48.0930 1652 C:\Users\Niamh\AppData\Local\Yahoo!\BrowserPlus\BrowserPlusUninstaller.exe - ok
09:59:48.0936 1652 [ CEA69EEC43978AEEE8E3E02E07AD1A54 ] C:\Windows\System32\tzres.dll
09:59:48.0936 1652 C:\Windows\System32\tzres.dll - ok
09:59:48.0941 1652 [ 29C5375CE613B40EB4869C8B03FD1010 ] C:\Users\Niamh\AppData\Roaming\Dropbox\bin\Dropbox.exe
09:59:48.0941 1652 C:\Users\Niamh\AppData\Roaming\Dropbox\bin\Dropbox.exe - ok
09:59:48.0947 1652 [ 23F14E493A958CA53A3DF4DA5572F3F3 ] C:\Users\Niamh\AppData\Roaming\Dropbox\bin\Uninstall.exe
09:59:48.0947 1652 C:\Users\Niamh\AppData\Roaming\Dropbox\bin\Uninstall.exe - ok
09:59:48.0953 1652 [ 1B53B87826BFD560CCD51598C70F6A9F ] C:\Program Files\HP\csiInstaller\2794875B-6CCF-48B8-84A5-5B10DB98BEE6\Setup.exe
09:59:48.0953 1652 C:\Program Files\HP\csiInstaller\2794875B-6CCF-48B8-84A5-5B10DB98BEE6\Setup.exe - ok
09:59:48.0958 1652 [ 32C26797AB646074A2BB562F9D10ADB5 ] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
09:59:48.0958 1652 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - ok
09:59:48.0964 1652 [ A7B7D39811D97EED630BAFC86F32D3AE ] C:\Program Files\Vivitar Experience Image Manager\uninstaller.exe
09:59:48.0964 1652 C:\Program Files\Vivitar Experience Image Manager\uninstaller.exe - ok
09:59:48.0970 1652 [ 10246EB9FB366E5EDFEBA0212BAD372D ] C:\Program Files\Vivitar Experience Image Manager\Vivitar.exe
09:59:48.0970 1652 C:\Program Files\Vivitar Experience Image Manager\Vivitar.exe - ok
09:59:48.0976 1652 [ 40B8684493371CC0FB85AD6AD135BE0B ] C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe
09:59:48.0976 1652 C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe - ok
09:59:48.0984 1652 [ 704E56BF5DD28DD3D19D1FCC0853F57D ] C:\Program Files\Adobe\Adobe Help\Adobe Help.exe
09:59:48.0984 1652 C:\Program Files\Adobe\Adobe Help\Adobe Help.exe - ok
09:59:48.0988 1652 [ 314C76642049DD4E9B964BC333A620B1 ] C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
09:59:48.0988 1652 C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe - ok
09:59:48.0993 1652 [ B02EDA723B74A009BB5CF3E758ACBC22 ] C:\Program Files\Audacity\audacity.exe
09:59:48.0993 1652 C:\Program Files\Audacity\audacity.exe - ok
09:59:49.0000 1652 [ F9E27A01F9BA429D2B03DDDA4DBB313A ] C:\Program Files\HP\IrisOCR_12.3.4.0\regipe.exe
09:59:49.0000 1652 C:\Program Files\HP\IrisOCR_12.3.4.0\regipe.exe - ok
09:59:49.0005 1652 [ 0D392EDE3B97E0B3131B2F63EF1DB94E ] C:\Program Files\Windows Defender\MSASCui.exe
09:59:49.0005 1652 C:\Program Files\Windows Defender\MSASCui.exe - ok
09:59:49.0010 1652 [ 53EE5AF5320FEA562A7A7BE6F71A534A ] C:\Windows\System32\igfxsrvc.dll
09:59:49.0010 1652 C:\Windows\System32\igfxsrvc.dll - ok
09:59:49.0017 1652 [ 77BD0166102F3B9BB9499B2952C3BCFA ] C:\Program Files\Windows Live\Mail\wlmail.exe
09:59:49.0017 1652 C:\Program Files\Windows Live\Mail\wlmail.exe - ok
09:59:49.0023 1652 [ 82E53EC685889AD8CFB3AD812A906489 ] C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
09:59:49.0023 1652 C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe - ok
09:59:49.0030 1652 [ 9CB27AE21BF0553BF20F571DD9E2C3A0 ] C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
09:59:49.0030 1652 C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe - ok
09:59:49.0037 1652 [ B5EF1DA337DB9859709A387638AC5E07 ] C:\Windows\System32\SearchProtocolHost.exe
09:59:49.0037 1652 C:\Windows\System32\SearchProtocolHost.exe - ok
09:59:49.0044 1652 [ A59DCD3DB4E966582F6FA83F2977C137 ] C:\Windows\System32\fsquirt.exe
09:59:49.0044 1652 C:\Windows\System32\fsquirt.exe - ok
09:59:49.0051 1652 [ 1ED2124313CCE34C877247574212EFC8 ] C:\Windows\System32\calc.exe
09:59:49.0051 1652 C:\Windows\System32\calc.exe - ok
09:59:49.0057 1652 [ 338104E0E18307CD65604FE317B5FB8D ] C:\Windows\System32\mblctr.exe
09:59:49.0058 1652 C:\Windows\System32\mblctr.exe - ok
09:59:49.0064 1652 [ B1AFF0B6DED627A1D22A6817DD58AC0F ] C:\Windows\System32\NetProj.exe
09:59:49.0064 1652 C:\Windows\System32\NetProj.exe - ok
09:59:49.0071 1652 [ 694AF8B27C9A0A99399E02CE977F986B ] C:\Windows\System32\mspaint.exe
09:59:49.0071 1652 C:\Windows\System32\mspaint.exe - ok
09:59:49.0076 1652 [ 16FEE292E95EDC274385103E6B498019 ] C:\Windows\System32\mstsc.exe
09:59:49.0076 1652 C:\Windows\System32\mstsc.exe - ok
09:59:49.0081 1652 [ 9E35FF7F943AE0FB89192BFE058B7FD4 ] C:\Program Files\Windows Sidebar\sidebar.exe
09:59:49.0081 1652 C:\Program Files\Windows Sidebar\sidebar.exe - ok
09:59:49.0088 1652 [ E80DB295132C5EF0C623935422BD0FC7 ] C:\Windows\System32\SnippingTool.exe
09:59:49.0088 1652 C:\Windows\System32\SnippingTool.exe - ok
09:59:49.0093 1652 [ 248F33A6C2380757BC1E20E34D9E827B ] C:\Windows\System32\SoundRecorder.exe
09:59:49.0093 1652 C:\Windows\System32\SoundRecorder.exe - ok
09:59:49.0101 1652 [ 9B89B3BB79EA1ACF041F40A7B6FC5827 ] C:\Windows\System32\mobsync.exe
09:59:49.0101 1652 C:\Windows\System32\mobsync.exe - ok
09:59:49.0105 1652 [ 19D0FC69D4E68D5CE2E4B34940529727 ] C:\Program Files\Windows NT\Accessories\wordpad.exe
09:59:49.0105 1652 C:\Program Files\Windows NT\Accessories\wordpad.exe - ok
09:59:49.0110 1652 [ 105A4D87C8DCF2CF5DB042830B203E5F ] C:\Windows\Speech\Common\sapisvr.exe
09:59:49.0110 1652 C:\Windows\Speech\Common\sapisvr.exe - ok
09:59:49.0115 1652 [ A623666C8A8EC9A57DCA07915A3F1EC6 ] C:\Windows\System32\sdclt.exe
09:59:49.0118 1652 C:\Windows\System32\sdclt.exe - ok
09:59:49.0122 1652 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\Windows\System32\wups2.dll
09:59:49.0122 1652 C:\Windows\System32\wups2.dll - ok
09:59:49.0127 1652 [ BB4910DE8B6C5E30DF39EC97308D44BA ] C:\Windows\System32\charmap.exe
09:59:49.0127 1652 C:\Windows\System32\charmap.exe - ok
09:59:49.0135 1652 [ 2327C11B043FCEB80BE00CC8D077E9AA ] C:\Windows\System32\dfrgui.exe
09:59:49.0135 1652 C:\Windows\System32\dfrgui.exe - ok
09:59:49.0138 1652 [ 86AB3F6C784197DC1D994A83AF4259CD ] C:\Windows\System32\cleanmgr.exe
09:59:49.0138 1652 C:\Windows\System32\cleanmgr.exe - ok
09:59:49.0143 1652 [ F44F5CF7F050191602523A828B327EBB ] C:\Program Files\Launch Manager\COMFNUTL.DLL
09:59:49.0144 1652 C:\Program Files\Launch Manager\COMFNUTL.DLL - ok
09:59:49.0151 1652 [ 35EAFA4F987A2B05F110C54173836066 ] C:\Program Files\Launch Manager\SZUPFUTL.DLL
09:59:49.0152 1652 C:\Program Files\Launch Manager\SZUPFUTL.DLL - ok
09:59:49.0155 1652 [ FBF628702A408977FEB0845D48F4F154 ] C:\Windows\System32\migwiz\migwiz.exe
09:59:49.0155 1652 C:\Windows\System32\migwiz\migwiz.exe - ok
09:59:49.0161 1652 [ 9FCE388428CB6466534AE7A12ACDF60C ] C:\Program Files\Launch Manager\OSDUTL.DLL
09:59:49.0506 1652 ============================================================
09:59:49.0506 1652 Scan finished
09:59:49.0506 1652 ============================================================
09:59:49.0515 4004 Detected object count: 1
09:59:49.0515 4004 Actual detected object count: 1
10:02:00.0313 4004 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:02:00.0313 4004 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:02:36.0128 3160 Deinitialize success

ASWMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-16 10:09:33
-----------------------------
10:09:33.052 OS Version: Windows 6.0.6002 Service Pack 2
10:09:33.052 Number of processors: 2 586 0x170A
10:09:33.053 ComputerName: NIAMH-PC UserName: Niamh
10:10:12.129 Initialize success
10:13:27.733 AVAST engine defs: 13011501
10:14:25.602 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:14:25.604 Disk 0 Vendor: WDC_WD2500BEVT-22ZCT0 11.01A11 Size: 238475MB BusType: 3
10:14:25.629 Disk 0 MBR read successfully
10:14:25.632 Disk 0 MBR scan
10:14:25.636 Disk 0 unknown MBR code
10:14:25.659 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
10:14:25.674 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114243 MB offset 20482048
10:14:25.703 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114230 MB offset 254451712
10:14:25.712 Disk 0 scanning sectors +488394752
10:14:25.775 Disk 0 scanning C:\Windows\system32\drivers
10:14:38.318 Service scanning
10:15:07.743 Modules scanning
10:15:13.485 Disk 0 trace - called modules:
10:15:13.506 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys watchdog.sys HDAudBus.sys tcpip.sys NETIO.SYS
10:15:13.513 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862fe6c0]
10:15:13.517 3 CLASSPNP.SYS[8aba28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c8ab98]
10:15:15.836 AVAST engine scan C:\Windows
10:15:21.148 AVAST engine scan C:\Windows\system32
10:18:57.308 AVAST engine scan C:\Windows\system32\drivers
10:19:13.479 AVAST engine scan C:\Users\Niamh
10:40:32.327 AVAST engine scan C:\ProgramData
10:46:47.082 Scan finished successfully
10:49:52.208 Disk 0 MBR has been saved successfully to "F:\Desktop\MBR.dat"
10:49:52.246 The log file has been saved successfully to "F:\Desktop\aswMBR.txt"


Thanks for your help!!
Niamh

#5 Oh My!

  • Malware Response Instructor

Posted 16 January 2013 - 11:14 AM

Hi Niamh,

Thank you for the updated information. It seems you have had this issue twice. When did it first happen, did you fix it by running Combofix, and then how long after it was fixed the first time did it appear again? Have you run Combofix 2 different times?

I think we do need to do some follow up. I also would like you to consider the following.


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan. This is based on evidence in your DDS log.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Can you tell me if you set this proxy override or if it looks familiar to you?

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>


===================================================


Re-installing and Running ComboFix

--------------------

I would like you to delete Combofix and then re-install it. We will then run the program again with the new copy.

  • Right click on the ComboFix Icon on your desktop and select Delete.
  • Please download ComboFix from one of these locations and save it to your desktop:

    Bleepingcomputer

    ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe.
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.

===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Describe reinfection
  • Do you recognize the Proxy override?
  • Combofix log
  • AdwCleaner log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 niamh808

  • Topic Starter

Posted 16 January 2013 - 04:44 PM

Hey Gary,
Okay thanks a million for the help, seems like I do have a problem with the computer :/ I am definitely going to do the clean-up and I have uninstalled utorrent. The problem first happened on the 6th I think and the second on the 11th. Thinking about it now I could have run combofix when the reinfection happened (which was the 11th I think) but there wouldn't have been any problems because I would have recorded them. The first time, I wrote down the problems that came up... the first said it couldn't connect to the internet but that combofix had fixed it, I was to reboot and check if I could connect after (which I was), the second said that a rootkit was detected and the third said a file or directory\pagefile.sys is corrupt and I was to run chkdsk utility (which I did but the computer wouldn't load so I googled it and I ended up at How to Clear the Windows Paging File at Shutdown where I downloaded the microsoft fix it tool which stopped the problem on the startup). I'm not too sure on the dates but I think they should be right...

Combofix log
ComboFix 13-01-16.01 - Niamh 16/01/2013 21:08:20.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3000.1328 [GMT 0:00]
Running from: f:\desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 21:16 . 2013-01-16 21:16 -------- d-----w- c:\users\Main\AppData\Local\temp
2013-01-16 21:16 . 2013-01-16 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-16 09:35 . 2013-01-16 09:35 -------- d-----w- c:\program files\RealNetworks
2013-01-16 09:35 . 2013-01-16 09:35 -------- d-----w- c:\programdata\RealNetworks
2013-01-16 09:35 . 2013-01-16 09:35 -------- d-----w- c:\program files\Common Files\xing shared
2013-01-16 09:34 . 2013-01-16 09:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-01-16 09:34 . 2013-01-16 09:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-01-15 10:13 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2208F1-3EAB-4D81-B5E2-33E5E3A805DF}\mpengine.dll
2013-01-14 10:06 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-13 11:33 . 2013-01-13 11:34 -------- d-----w- c:\users\Niamh\AppData\Roaming\Spotify
2013-01-09 10:22 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 10:21 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 10:21 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-06 17:54 . 2013-01-16 21:16 -------- d-----w- c:\users\Niamh\AppData\Local\temp
2013-01-06 12:15 . 2013-01-06 12:15 -------- d-----w- c:\users\Niamh\AppData\Roaming\PeerNetworking
2012-12-28 11:20 . 2013-01-07 17:50 -------- d-----w- c:\users\Niamh\AppData\Roaming\dvdcss
2012-12-22 16:20 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:19 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 14:59 . 2009-08-25 13:49 952 --sha-w- c:\programdata\KGyGaAvL.sys
2013-01-08 21:32 . 2012-10-06 17:34 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 21:32 . 2011-05-17 12:37 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-05 13:04 . 2009-10-31 00:04 66560 ----a-w- c:\windows\system32\drivers\SMB.SYS
2012-11-29 17:09 . 2012-11-29 17:10 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60A1681C-196A-4842-8150-76C2BAB7D070}\gapaengine.dll
2012-11-14 02:09 . 2012-12-12 15:52 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 15:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 15:52 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 15:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 15:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 15:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-11 18:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 19:18 . 2012-08-29 14:23 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-03 23:26 . 2012-11-03 23:26 161792 ----a-w- c:\windows\system32\msls31.dll
2012-11-03 23:26 . 2012-11-03 23:26 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-03 23:26 . 2012-11-03 23:26 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-03 23:26 . 2012-11-03 23:26 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-03 23:26 . 2012-11-03 23:26 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-11-03 23:26 . 2012-11-03 23:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-03 23:26 . 2012-11-03 23:26 367104 ----a-w- c:\windows\system32\html.iec
2012-11-03 23:26 . 2012-11-03 23:26 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-11-03 23:26 . 2012-11-03 23:26 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-03 23:26 . 2012-11-03 23:26 152064 ----a-w- c:\windows\system32\wextract.exe
2012-11-03 23:26 . 2012-11-03 23:26 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-11-03 23:26 . 2012-11-03 23:26 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-11-03 23:26 . 2012-11-03 23:26 11776 ----a-w- c:\windows\system32\mshta.exe
2012-11-03 23:26 . 2012-11-03 23:26 101888 ----a-w- c:\windows\system32\admparse.dll
2012-11-03 23:26 . 2012-11-03 23:26 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-02 10:18 . 2012-12-11 18:30 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-11 18:30 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 19:17 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19 244328 ----a-w- c:\program files\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Akamai NetSession Interface"="c:\users\Niamh\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-25 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-01-16 295072]
.
c:\users\Niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Niamh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-12-17 13:41 1094000 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 06:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 17:27 138096 ----atw- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2012-05-14 10:28 6149120 ----a-w- c:\users\Niamh\AppData\Roaming\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-16 19:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-25 13:06 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HF_G_Jul]
2012-07-18 21:58 36960 ----a-w- c:\program files\AVG Secure Search\HF_G_Jul.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 19:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 13:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_JULY_P1]
2012-08-29 14:25 1022048 ----a-w- c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-25 12:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-01-16 09:34 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-11-09 19:17 997320 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\DRIVERS\ACTIVhidmini.sys [x]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 44578727
*NewlyCreated* - 57067086
*NewlyCreated* - ASWMBR
*Deregistered* - 44578727
*Deregistered* - 57067086
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 10:33 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 21:32]
.
2013-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2341527237-2102622955-2869244792-1003Core.job
- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-12 17:27]
.
2013-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2341527237-2102622955-2869244792-1003UA.job
- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-12 17:27]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 20:58]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&s=2&o=vp32&d=0709&m=travelmate_5730
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlfvideo.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Download with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-44578727.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-16 21:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2341527237-2102622955-2869244792-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%]*ø*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2341527237-2102622955-2869244792-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%]*ø*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2341527237-2102622955-2869244792-1003\Software\SecuROM\License information*]
"datasecu"=hex:2a,a8,9c,20,2f,56,cb,c2,98,b7,f7,da,68,e7,11,55,f5,ee,1e,a8,77,
60,3b,81,5c,c8,bd,76,7c,d2,6f,d5,03,83,97,d0,f0,f9,af,59,8a,d5,0d,e2,1e,c6,\
"rkeysecu"=hex:4c,bd,6b,8a,23,2b,8b,2d,73,d1,17,5b,b9,ca,05,3b
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2748)
c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2013-01-16 21:18:53
ComboFix-quarantined-files.txt 2013-01-16 21:18
ComboFix2.txt 2013-01-06 17:53
ComboFix3.txt 2013-01-06 13:20
.
Pre-Run: 30,397,702,144 bytes free
Post-Run: 31,857,119,232 bytes free
.
- - End Of File - - 2AFFD40470D60A772D4C31C8C9DAA844

AdwCleaner log
# AdwCleaner v2.105 - Logfile created 01/16/2013 at 21:19:53
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Niamh - NIAMH-PC
# Boot Mode : Normal
# Running from : F:\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\OApps
Folder Found : C:\Program Files\uTorrentBar
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Niamh\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Niamh\AppData\Local\Conduit
Folder Found : C:\Users\Niamh\AppData\Local\OpenCandy
Folder Found : C:\Users\Niamh\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Niamh\AppData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\Niamh\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Niamh\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Niamh\AppData\LocalLow\Conduit
Folder Found : C:\Users\Niamh\AppData\LocalLow\uTorrentBar
Folder Found : C:\Users\Niamh\AppData\Roaming\Babylon
Folder Found : C:\Users\Niamh\AppData\Roaming\Media Finder
Folder Found : C:\Users\Niamh\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SweetIM
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E9E603F-CC74-499F-856D-123B53342F11}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42E2EBF9-78C0-41C4-9374-AF0D63C20E8D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\Software\uTorrentBar
Key Found : HKU\S-1-5-21-2341527237-2102622955-2869244792-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2341527237-2102622955-2869244792-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Niamh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11443 octets] - [16/01/2013 21:19:53]

########## EOF - C:\AdwCleaner[R1].txt - [11504 octets] ##########

Thanks again,
-Niamh

#7 Oh My!

  • Malware Response Instructor

Posted 18 January 2013 - 09:59 AM

Hi Niamh,

I truly apologize for the delay.

Can you tell me if you set this proxy override or if it looks familiar to you?

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>


Can you please identify a few of the programs that currently don't run and programs that do?

Please run these for me.


===================================================


AdwCleaner by Xplode - Delete Adware

-------------------

  • Close all open programs and internet browser
  • Double click on adwcleaner.exe
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Do you recognize the proxy server?
  • AdwCleaner log
  • Program information

Edited by Oh My, 18 January 2013 - 10:01 AM.

Gary
 

#8 niamh808

  • Topic Starter


Posted 18 January 2013 - 01:55 PM

Hi Gary,
No, I don't recognise the proxy override. All my programmes run now, including Chrome, Microsoft Office and iTunes, which weren't working on the days this problem popped up. More programmes wouldn't work on those days; however, Internet Explorer could for some reason.

# AdwCleaner v2.106 - Logfile created 01/18/2013 at 18:37:20
# Updated 17/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Niamh - NIAMH-PC
# Boot Mode : Normal
# Running from : F:\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\uTorrentBar
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Niamh\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Niamh\AppData\Local\Conduit
Folder Deleted : C:\Users\Niamh\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Niamh\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Niamh\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Niamh\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Niamh\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Niamh\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Niamh\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Niamh\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Niamh\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Niamh\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E9E603F-CC74-499F-856D-123B53342F11}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42E2EBF9-78C0-41C4-9374-AF0D63C20E8D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\uTorrentBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Niamh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11574 octets] - [16/01/2013 21:19:53]
AdwCleaner[S1].txt - [11472 octets] - [18/01/2013 18:37:20]

########## EOF - C:\AdwCleaner[S1].txt - [11533 octets] ##########

Thanks,
Niamh

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:40 AM

Posted 18 January 2013 - 04:24 PM

Hi Niamh,

That is good news. Please do the following for me.


===================================================


Temporary File Cleaner (TFC)

--------------------

  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies



===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    

  • Save this on your desktop as CFScript.txt.


  • Drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Combofix log
  • Malwarebytes log
  • ESET log
  • How is your computer running? Any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 niamh808

Posted 19 January 2013 - 01:32 PM

Heya Gary,

ComboFix 13-01-17.04 - Niamh 19/01/2013 12:09:12.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3000.1899 [GMT 0:00]
Running from: f:\desktop\ComboFix.exe
Command switches used :: f:\desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 12:20 . 2013-01-19 12:21 -------- d-----w- c:\users\Niamh\AppData\Local\temp
2013-01-19 12:20 . 2013-01-19 12:20 -------- d-----w- c:\users\Main\AppData\Local\temp
2013-01-19 12:20 . 2013-01-19 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-18 21:28 . 2013-01-18 21:28 -------- d-----w- c:\users\Niamh\AppData\Roaming\MoveFab
2013-01-18 21:04 . 2013-01-18 21:04 -------- d-----w- c:\programdata\dvdfab
2013-01-18 20:58 . 2013-01-18 20:58 -------- d-----w- c:\users\Niamh\AppData\Local\MPlayer
2013-01-18 20:57 . 2013-01-18 20:58 -------- d-----w- c:\users\Niamh\.dvdcss
2013-01-18 20:57 . 2013-01-18 20:57 -------- d-----w- c:\users\Niamh\fontconfig
2013-01-18 20:46 . 2013-01-18 20:46 -------- d-----w- c:\users\Niamh\AppData\Roaming\AnvSoft
2013-01-18 20:33 . 2013-01-18 20:33 -------- d-----w- c:\users\Niamh\AppData\Local\Aimersoft
2013-01-18 20:33 . 2013-01-18 20:33 -------- d-----w- c:\program files\Common Files\Aimersoft
2013-01-18 20:33 . 2012-09-21 10:15 496640 ----a-w- c:\windows\system32\xvid.ax
2013-01-18 20:33 . 2012-09-21 10:15 892928 ----a-w- c:\windows\system32\iconv.dll
2013-01-18 20:33 . 2012-09-21 10:15 675840 ----a-w- c:\windows\system32\ac3filter.ax
2013-01-18 20:33 . 2013-01-18 20:33 -------- d-----w- c:\programdata\Aimersoft DVD Ripper
2013-01-18 20:32 . 2013-01-18 20:37 -------- d-----w- c:\program files\Aimersoft
2013-01-18 12:44 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{943A8EBF-B307-4B2E-8E71-F1A60D62B3A1}\mpengine.dll
2013-01-16 21:47 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-16 09:35 . 2013-01-16 09:35 -------- d-----w- c:\program files\RealNetworks
2013-01-16 09:35 . 2013-01-16 09:35 -------- d-----w- c:\programdata\RealNetworks
2013-01-16 09:35 . 2013-01-16 09:35 -------- d-----w- c:\program files\Common Files\xing shared
2013-01-16 09:34 . 2013-01-16 09:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-01-16 09:34 . 2013-01-16 09:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-01-13 11:33 . 2013-01-13 11:34 -------- d-----w- c:\users\Niamh\AppData\Roaming\Spotify
2013-01-09 10:22 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 10:21 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 10:21 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-06 12:15 . 2013-01-06 12:15 -------- d-----w- c:\users\Niamh\AppData\Roaming\PeerNetworking
2012-12-28 11:20 . 2013-01-07 17:50 -------- d-----w- c:\users\Niamh\AppData\Roaming\dvdcss
2012-12-22 16:20 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:19 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 14:59 . 2009-08-25 13:49 952 --sha-w- c:\programdata\KGyGaAvL.sys
2013-01-08 21:32 . 2012-10-06 17:34 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 21:32 . 2011-05-17 12:37 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-05 13:04 . 2009-10-31 00:04 66560 ----a-w- c:\windows\system32\drivers\SMB.SYS
2012-11-29 17:09 . 2012-11-29 17:10 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60A1681C-196A-4842-8150-76C2BAB7D070}\gapaengine.dll
2012-11-14 02:09 . 2012-12-12 15:52 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 15:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 15:52 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 15:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 15:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 15:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-11 18:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 19:18 . 2012-08-29 14:23 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-03 23:26 . 2012-11-03 23:26 161792 ----a-w- c:\windows\system32\msls31.dll
2012-11-03 23:26 . 2012-11-03 23:26 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-03 23:26 . 2012-11-03 23:26 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-03 23:26 . 2012-11-03 23:26 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-03 23:26 . 2012-11-03 23:26 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-11-03 23:26 . 2012-11-03 23:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-03 23:26 . 2012-11-03 23:26 367104 ----a-w- c:\windows\system32\html.iec
2012-11-03 23:26 . 2012-11-03 23:26 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-11-03 23:26 . 2012-11-03 23:26 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-03 23:26 . 2012-11-03 23:26 152064 ----a-w- c:\windows\system32\wextract.exe
2012-11-03 23:26 . 2012-11-03 23:26 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-11-03 23:26 . 2012-11-03 23:26 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-11-03 23:26 . 2012-11-03 23:26 11776 ----a-w- c:\windows\system32\mshta.exe
2012-11-03 23:26 . 2012-11-03 23:26 101888 ----a-w- c:\windows\system32\admparse.dll
2012-11-03 23:26 . 2012-11-03 23:26 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-02 10:18 . 2012-12-11 18:30 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-11 18:30 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19 244328 ----a-w- c:\program files\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Akamai NetSession Interface"="c:\users\Niamh\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-25 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-01-16 295072]
.
c:\users\Niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Niamh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-12-17 13:41 1094000 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 14:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 06:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 17:27 138096 ----atw- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2012-05-14 10:28 6149120 ----a-w- c:\users\Niamh\AppData\Roaming\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-16 19:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-25 13:06 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 19:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 13:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-25 12:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-01-16 09:34 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\system32\DRIVERS\ACTIVhidmini.sys [x]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 10:33 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 21:32]
.
2013-01-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2341527237-2102622955-2869244792-1003Core.job
- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-12 17:27]
.
2013-01-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2341527237-2102622955-2869244792-1003UA.job
- c:\users\Niamh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-12 17:27]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 20:58]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&s=2&o=vp32&d=0709&m=travelmate_5730
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\users\Niamh\AppData\Roaming\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSConfigStartUp-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
MSConfigStartUp-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-19 12:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5240)
c:\users\Niamh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2013-01-19 12:27:58
ComboFix-quarantined-files.txt 2013-01-19 12:27
ComboFix2.txt 2013-01-16 21:18
ComboFix3.txt 2013-01-06 17:53
ComboFix4.txt 2013-01-06 13:20
.
Pre-Run: 31,502,024,704 bytes free
Post-Run: 31,496,265,728 bytes free
.
- - End Of File - - F8828AD4CDED292B6A8924F7E9C0AC47

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.19.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Niamh :: NIAMH-PC [administrator]

19/01/2013 12:43:08
mbam-log-2013-01-19 (12-43-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240129
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Log
C:\Qoobox\Quarantine\C\Users\Niamh\AppData\Local\GetBooks\getbooks.exe.vir a variant of Win32/GetBooks.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Niamh\AppData\Local\WideSearch\wsearch.exe.vir probably a variant of Win32/TrojanDownloader.Delf.RKU trojan cleaned by deleting - quarantined
C:\Windows\System32\prinstaller.msi multiple threats deleted - quarantined
C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys a variant of Win32/Rootkit.Kryptik.QY trojan cleaned by deleting - quarantined
F:\NIAMH-PC\Backup Set 2012-05-25 134504\Backup Files 2012-08-01 190005\Backup files 2.zip HTML/ScrInject.B.Gen virus deleted - quarantined
F:\Downloads\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined
F:\Downloads\Lord.Of.The.Rings.Trilogy[Special.Extended.Editions]DvDrip[Eng]_secure.exe Win32/TopMedia.B application cleaned by deleting - quarantined

My computer is running fine, no issues at all with it that I can see.
Thanks again,
Niamh

#11 Oh My!

Posted 19 January 2013 - 04:13 PM

Greetings Niamh,

Those scans look good. Just remnants.

Since your computer seems to be working fine it is my great pleasure to proclaim to you the Good News!


===================================================


All Clean

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining tools we used from your PC:

  • Delete the tools used during the disinfection:

  • Press the Windows key + R on your keyboard at the same time. In the Run box type combofix /uninstall, then press OK.
  • This will remove Combofix and other tools we used from your computer.
  • You may also remove any leftover tools we used.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:


In addition, here are some more links you might find of interest:


I will leave this topic open for just a couple of days in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#12 niamh808

Posted 20 January 2013 - 12:56 PM

Thank you so much Gary!
I really appreciate your help :)
Bye for now,
Niamh

#13 Oh My!

Posted 20 January 2013 - 03:07 PM

You are most welcome. It was my pleasure to help and you can always pop by just to say hi! :)
Gary
 

#14 Oh My!

Posted 21 January 2013 - 10:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 