
Rootkit invasion undermined my Paretologic virus scan posing as PC Defender


22 replies to this topic

#1 happydeb

happydeb

  • Members
  • 52 posts

Posted 11 March 2013 - 10:44 PM

My browser crashed first and then I started getting warnings that my file pointer could not access the location of the file. The page started filling up with these warnings. Then PC Defender pops up and says there are threats it can fix; it just needs to scan my computer. I wonder why my Paretologic antivirus and antispyware programs didn't detect it. I have not installed Windows Defender, but it came with my computer and I never used it, but lately it has insisted upon sending me notifications.

 

I am unable to access any of my files at this point, so I let the rogue program posing as Windows Defender scan my files. It says hard drive spin failure and corrupt disk and thousands of errors, and to fix I can purchase the full program. So I shut the computer down, opened it in safe mode and followed some instructions I found on this site by loading files back to the desktop from my CD drive. I opened a boot log in safe mode. I ran RKill and TDSSKiller, I got the black screen that disappeared after clicking remove for the 10 threats found in the scan, and then restarted my computer. This time the malware performed its same threat routine and found the RKill and TDSSKiller that I had just put on my desktop and hid them... So I need help.

Thanks

Deb




 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 11 March 2013 - 10:53 PM

    

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters

  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue

  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.


  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results
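
Added example, not part of the original posts and not the tool's own code: a short Python triage script for a TDSSKiller log of the kind requested above. It assumes the line layout of the log posted later in this thread (sample lines are taken from that log); the class and function names are illustrative.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample lines in the layout of the TDSSKiller log posted in this thread:
# "HH:MM:SS.mmmm <thread id>  <message>". Trimmed to a handful of services.
SAMPLE_LOG = r"""
14:04:03.0820 1076  ================ Scan system memory ========================
14:04:03.0820 1076  System memory - ok
14:04:03.0820 1076  ================ Scan services =============================
14:04:04.0116 1076  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:04:04.0116 1076  ACPI - ok
14:04:04.0943 1076  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
14:04:04.0943 1076  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
14:04:04.0958 1076  Akamai ( HiddenFile.Multi.Generic ) - warning
14:04:04.0958 1076  Akamai - detected HiddenFile.Multi.Generic (1)
14:04:05.0005 1076  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:04:05.0005 1076  ALG - ok
14:04:05.0645 1076  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:04:05.0645 1076  Apple Mobile Device - ok
14:04:08.0515 1076  COMSysApp - ok
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+\s*(.*)$")
SECTION = re.compile(r"^=+ (.+?) =+$")
# Service names may contain spaces, so the path is anchored on "X:\".
ENTRY = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((.+?)\): ")
WARNING = re.compile(r"^(.+?) \( (.+?) \) - warning$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
OK = re.compile(r"^(.+?) - ok$")


@dataclass
class Service:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None          # "ok" or "warning"
    verdicts: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def parse_services(text: str) -> Dict[str, Service]:
    """Collect per-service results from the 'Scan services' section only."""
    services: Dict[str, Service] = {}
    section = None
    current = None  # service named by the most recent "[ md5 ] name path" line
    for raw in text.splitlines():
        line = LINE.match(raw.rstrip())
        if not line:
            continue
        msg = line.group(1)
        m = SECTION.match(msg)
        if m:
            section = m.group(1)
            continue
        if section != "Scan services":
            continue  # e.g. "System memory - ok" is not a service verdict
        m = ENTRY.match(msg)
        if m:
            current = services.setdefault(m.group(2), Service(m.group(2)))
            current.md5, current.path = m.group(1).upper(), m.group(3)
            continue
        m = SUSPICIOUS.match(msg)
        if m and current:
            current.notes.append(m.group(1))
            continue
        m = WARNING.match(msg) or DETECTED.match(msg)
        if m:
            svc = services.setdefault(m.group(1), Service(m.group(1)))
            svc.status = "warning"
            if m.group(2) not in svc.verdicts:
                svc.verdicts.append(m.group(2))
            continue
        m = OK.match(msg)
        if m:
            services.setdefault(m.group(1), Service(m.group(1))).status = "ok"
    return services


def triage(services: Dict[str, Service]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs that deserve a manual look."""
    findings = []
    for svc in services.values():
        if svc.status == "warning":
            reason = "detected " + ", ".join(svc.verdicts)
            if svc.notes:
                reason += " (" + ", ".join(svc.notes) + ")"
            findings.append((svc.name, reason))
        elif svc.md5 is None:
            findings.append((svc.name, "verdict logged but no image file was hashed"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```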

 



#3 happydeb

happydeb
  • Topic Starter

  • Members
  • 52 posts

Posted 12 March 2013 - 02:40 AM

I am no longer able to access safe mode after running TDSSkiller a second time by loading from a CD to the desktop. It asked me to reboot this time (the first time it didn't) but then it automatically initiated the startup sequence and I was re-attacked and can no longer reach safe mode even after using system repair from the system configuration file which is an option I still have with Fn F2.

 

I have a system backup recovery disk that I made a long time ago. It should have a boot.ini on it, right? So can I boot from it to get to safe mode?



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 12 March 2013 - 05:01 AM

What did TDSSKiller detect in the second scan?

 

What happens when you press F8?

 

Try booting into safemode or safemode with command prompt or safemode with networking options.

 

Do you have any other account that can access desktop in normal mode?




#5 happydeb

happydeb
  • Topic Starter

  • Members
  • 52 posts

Posted 12 March 2013 - 01:38 PM

The infection obliterates the log files along with the exe scan files. I am not able to start and enter safe mode: when I press Fn F2 I only get the system configuration menu, and I am no longer directed to the menu that allows me to start in safe mode or safe mode with networking options, etc. I tried pressing F8 and Fn F8 and nothing happens, but shutting the computer down gives me the option to repair startup problems, though it does not give an option for starting in safe mode. Then after it repairs, it gives an option to "restore" but does not allow me to choose a restore point. Then it attempts to open Windows normally, which it does with my desktop looking normal, and then it starts gobbling up my desktop and the only thing I can do is a forced shutdown.



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 12 March 2013 - 03:16 PM

Do you have any other account that can access desktop in normal mode?

 

?

 

Are you able to run scans with multiple pop ups in normal mode? Can you launch command prompt at least?



#7 happydeb

happydeb
  • Topic Starter

  • Members
  • 52 posts

Posted 13 March 2013 - 12:09 AM

Okay, I resolved the problem of how to enter Safe Mode without the user prompt that I used to get: press F8 before Windows starts to load.
I disabled my Windows Security firewall (which shouldn't have been on anyway since I have a Cox.net modem, right?). I uninstalled Paretologic anti-virus, and the other two Paretologic programs I have do not run in safe mode, so I should be alright.
Then I loaded and ran the scan programs and these are the results, in the order you gave:
 
14:03:17.0488 2016  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:03:18.0096 2016  ============================================================
14:03:18.0096 2016  Current date / time: 2013/03/12 14:03:18.0096
14:03:18.0096 2016  SystemInfo:
14:03:18.0096 2016  
14:03:18.0096 2016  OS Version: 6.1.7601 ServicePack: 1.0
14:03:18.0096 2016  Product type: Workstation
14:03:18.0096 2016  ComputerName: DEB-PC
14:03:18.0096 2016  UserName: Deb
14:03:18.0096 2016  Windows directory: C:\Windows
14:03:18.0096 2016  System windows directory: C:\Windows
14:03:18.0096 2016  Running under WOW64
14:03:18.0096 2016  Processor architecture: Intel x64
14:03:18.0096 2016  Number of processors: 2
14:03:18.0096 2016  Page size: 0x1000
14:03:18.0096 2016  Boot type: Safe boot with network
14:03:18.0096 2016  ============================================================
14:03:18.0174 2016  BG loaded
14:03:18.0720 2016  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:03:18.0736 2016  Drive \Device\Harddisk1\DR1 - Size: 0x7C740000 (1.94 Gb), SectorSize: 0x200, Cylinders: 0xFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:03:18.0736 2016  Drive \Device\Harddisk2\DR2 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:03:18.0736 2016  ============================================================
14:03:18.0736 2016  \Device\Harddisk0\DR0:
14:03:18.0736 2016  MBR partitions:
14:03:18.0736 2016  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
14:03:18.0736 2016  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753000
14:03:18.0736 2016  \Device\Harddisk1\DR1:
14:03:18.0736 2016  MBR partitions:
14:03:18.0736 2016  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xED, BlocksNum 0x3E3913
14:03:18.0736 2016  \Device\Harddisk2\DR2:
14:03:18.0736 2016  MBR partitions:
14:03:18.0736 2016  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
14:03:18.0736 2016  ============================================================
14:03:18.0767 2016  C: <-> \Device\Harddisk0\DR0\Partition2
14:03:18.0767 2016  ============================================================
14:03:18.0767 2016  Initialize success
14:03:18.0767 2016  ============================================================
14:04:03.0539 1076  ============================================================
14:04:03.0539 1076  Scan started
14:04:03.0539 1076  Mode: Manual; TDLFS; 
14:04:03.0539 1076  ============================================================
14:04:03.0820 1076  ================ Scan system memory ========================
14:04:03.0820 1076  System memory - ok
14:04:03.0820 1076  ================ Scan services =============================
14:04:04.0943 1076  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
14:04:04.0943 1076  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
14:04:04.0958 1076  Akamai ( HiddenFile.Multi.Generic ) - warning
14:04:04.0958 1076  Akamai - detected HiddenFile.Multi.Generic (1)
14:04:14.0475 1076  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:04:14.0475 1076  IntcDAud - ok
14:04:14.0521 1076  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:04:14.0521 1076  intelide - ok
14:04:14.0599 1076  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:04:14.0599 1076  intelppm - ok
14:04:14.0631 1076  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:04:14.0631 1076  IPBusEnum - ok
14:04:14.0693 1076  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:04:14.0693 1076  IpFilterDriver - ok
14:04:14.0724 1076  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:04:14.0740 1076  iphlpsvc - ok
14:04:14.0771 1076  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:04:14.0771 1076  IPMIDRV - ok
14:04:14.0802 1076  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:04:14.0802 1076  IPNAT - ok
14:04:14.0927 1076  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:04:14.0943 1076  iPod Service - ok
14:04:14.0974 1076  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:04:14.0974 1076  IRENUM - ok
14:04:15.0052 1076  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:04:15.0052 1076  isapnp - ok
14:04:15.0067 1076  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:04:15.0067 1076  iScsiPrt - ok
14:04:15.0145 1076  [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
14:04:15.0145 1076  k57nd60a - ok
14:04:15.0208 1076  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:04:15.0208 1076  kbdclass - ok
14:04:15.0270 1076  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:04:15.0270 1076  kbdhid - ok
14:04:15.0286 1076  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:04:15.0286 1076  KeyIso - ok
14:04:15.0364 1076  [ 524503240D2BA280D97E2297102151CE ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
14:04:15.0364 1076  kl1 - ok
14:04:15.0411 1076  [ 6AB7B4B65C5E201CB968DEC20AF10DCB ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
14:04:15.0426 1076  KLIF - ok
14:04:15.0457 1076  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:04:15.0457 1076  KSecDD - ok
14:04:15.0504 1076  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:04:15.0504 1076  KSecPkg - ok
14:04:15.0535 1076  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:04:15.0551 1076  ksthunk - ok
14:04:15.0598 1076  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:04:15.0598 1076  KtmRm - ok
14:04:15.0660 1076  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:04:15.0660 1076  LanmanServer - ok
14:04:15.0723 1076  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:04:15.0723 1076  LanmanWorkstation - ok
14:04:15.0785 1076  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:04:15.0785 1076  lltdio - ok
14:04:15.0816 1076  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:04:15.0832 1076  lltdsvc - ok
14:04:15.0832 1076  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:04:15.0832 1076  lmhosts - ok
14:04:15.0925 1076  [ DBC1136A62BD4DECC3632DF650284C2E ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:04:15.0925 1076  LMS - ok
14:04:15.0972 1076  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:04:15.0972 1076  LSI_FC - ok
14:04:15.0988 1076  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:04:15.0988 1076  LSI_SAS - ok
14:04:16.0019 1076  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:04:16.0019 1076  LSI_SAS2 - ok
14:04:16.0035 1076  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:04:16.0035 1076  LSI_SCSI - ok
14:04:16.0050 1076  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:04:16.0050 1076  luafv - ok
14:04:16.0081 1076  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:04:16.0081 1076  Mcx2Svc - ok
14:04:16.0097 1076  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:04:16.0097 1076  megasas - ok
14:04:16.0113 1076  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:04:16.0128 1076  MegaSR - ok
14:04:16.0144 1076  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:04:16.0144 1076  MMCSS - ok
14:04:16.0159 1076  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:04:16.0159 1076  Modem - ok
14:04:16.0206 1076  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:04:16.0206 1076  monitor - ok
14:04:16.0253 1076  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:04:16.0253 1076  mouclass - ok
14:04:16.0347 1076  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:04:16.0347 1076  mouhid - ok
14:04:16.0393 1076  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:04:16.0393 1076  mountmgr - ok
14:04:16.0440 1076  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:04:16.0440 1076  mpio - ok
14:04:16.0487 1076  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:04:16.0487 1076  mpsdrv - ok
14:04:16.0534 1076  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:04:16.0534 1076  MpsSvc - ok
14:04:16.0581 1076  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:04:16.0581 1076  MRxDAV - ok
14:04:16.0627 1076  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:04:16.0627 1076  mrxsmb - ok
14:04:16.0674 1076  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:04:16.0674 1076  mrxsmb10 - ok
14:04:16.0705 1076  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:04:16.0721 1076  mrxsmb20 - ok
14:04:16.0768 1076  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:04:16.0768 1076  msahci - ok
14:04:16.0799 1076  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:04:16.0799 1076  msdsm - ok
14:04:16.0815 1076  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:04:16.0815 1076  MSDTC - ok
14:04:16.0861 1076  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:04:16.0861 1076  Msfs - ok
14:04:16.0924 1076  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:04:16.0924 1076  mshidkmdf - ok
14:04:16.0971 1076  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:04:16.0971 1076  msisadrv - ok
14:04:17.0002 1076  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:04:17.0002 1076  MSiSCSI - ok
14:04:17.0002 1076  msiserver - ok
14:04:17.0033 1076  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:04:17.0049 1076  MSKSSRV - ok
14:04:17.0064 1076  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:04:17.0064 1076  MSPCLOCK - ok
14:04:17.0064 1076  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:04:17.0064 1076  MSPQM - ok
14:04:17.0127 1076  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:04:17.0127 1076  MsRPC - ok
14:04:17.0142 1076  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:04:17.0142 1076  mssmbios - ok
14:04:17.0142 1076  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:04:17.0158 1076  MSTEE - ok
14:04:17.0158 1076  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:04:17.0158 1076  MTConfig - ok
14:04:17.0173 1076  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:04:17.0173 1076  Mup - ok
14:04:17.0189 1076  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
14:04:17.0189 1076  mwlPSDFilter - ok
14:04:17.0236 1076  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
14:04:17.0236 1076  mwlPSDNServ - ok
14:04:17.0251 1076  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
14:04:17.0251 1076  mwlPSDVDisk - ok
14:04:17.0407 1076  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
14:04:17.0407 1076  MWLService - ok
14:04:17.0470 1076  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:04:17.0485 1076  napagent - ok
14:04:17.0548 1076  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:04:17.0548 1076  NativeWifiP - ok
14:04:17.0657 1076  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
14:04:17.0657 1076  NAUpdate - ok
14:04:17.0719 1076  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:04:17.0735 1076  NDIS - ok
14:04:17.0782 1076  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:04:17.0782 1076  NdisCap - ok
14:04:17.0829 1076  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:04:17.0829 1076  NdisTapi - ok
14:04:17.0875 1076  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:04:17.0875 1076  Ndisuio - ok
14:04:17.0922 1076  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:04:17.0922 1076  NdisWan - ok
14:04:17.0969 1076  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:04:17.0969 1076  NDProxy - ok
14:04:18.0047 1076  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
14:04:18.0047 1076  Netaapl - ok
14:04:18.0078 1076  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:04:18.0078 1076  NetBIOS - ok
14:04:18.0141 1076  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:04:18.0141 1076  NetBT - ok
14:04:18.0156 1076  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:04:18.0172 1076  Netlogon - ok
14:04:18.0219 1076  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:04:18.0219 1076  Netman - ok
14:04:18.0234 1076  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:04:18.0250 1076  netprofm - ok
14:04:18.0265 1076  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:04:18.0265 1076  NetTcpPortSharing - ok
14:04:18.0328 1076  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:04:18.0328 1076  nfrd960 - ok
14:04:18.0375 1076  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:04:18.0390 1076  NlaSvc - ok
14:04:18.0515 1076  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
14:04:18.0531 1076  NOBU - ok
14:04:18.0562 1076  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:04:18.0562 1076  Npfs - ok
14:04:18.0593 1076  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:04:18.0593 1076  nsi - ok
14:04:18.0624 1076  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:04:18.0624 1076  nsiproxy - ok
14:04:18.0702 1076  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:04:18.0718 1076  Ntfs - ok
14:04:18.0796 1076  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
14:04:18.0796 1076  NTI IScheduleSvc - ok
14:04:18.0843 1076  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
14:04:18.0843 1076  NTIDrvr - ok
14:04:18.0843 1076  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:04:18.0843 1076  Null - ok
14:04:18.0921 1076  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:04:18.0921 1076  nvraid - ok
14:04:18.0967 1076  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:04:18.0967 1076  nvstor - ok
14:04:19.0014 1076  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:04:19.0014 1076  nv_agp - ok
14:04:19.0061 1076  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:04:19.0061 1076  ohci1394 - ok
14:04:19.0186 1076  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:04:19.0186 1076  ose - ok
14:04:19.0389 1076  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:04:19.0591 1076  osppsvc - ok
14:04:19.0654 1076  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:04:19.0654 1076  p2pimsvc - ok
14:04:19.0701 1076  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:04:19.0701 1076  p2psvc - ok
14:04:19.0732 1076  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:04:19.0732 1076  Parport - ok
14:04:19.0779 1076  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:04:19.0779 1076  partmgr - ok
14:04:19.0810 1076  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:04:19.0810 1076  PcaSvc - ok
14:04:19.0841 1076  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:04:19.0841 1076  pci - ok
14:04:19.0888 1076  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:04:19.0888 1076  pciide - ok
14:04:19.0919 1076  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:04:19.0919 1076  pcmcia - ok
14:04:19.0935 1076  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:04:19.0935 1076  pcw - ok
14:04:20.0059 1076  [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
14:04:20.0091 1076  PDFProFiltSrvPP - ok
14:04:20.0137 1076  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:04:20.0137 1076  PEAUTH - ok
14:04:20.0200 1076  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:04:20.0247 1076  PerfHost - ok
14:04:20.0325 1076  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:04:20.0340 1076  pla - ok
14:04:20.0387 1076  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:04:20.0387 1076  PlugPlay - ok
14:04:20.0403 1076  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:04:20.0403 1076  PNRPAutoReg - ok
14:04:20.0434 1076  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:04:20.0434 1076  PNRPsvc - ok
14:04:20.0496 1076  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:04:20.0496 1076  PolicyAgent - ok
14:04:20.0527 1076  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:04:20.0527 1076  Power - ok
14:04:20.0574 1076  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:04:20.0590 1076  PptpMiniport - ok
14:04:20.0605 1076  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:04:20.0605 1076  Processor - ok
14:04:20.0652 1076  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:04:20.0652 1076  ProfSvc - ok
14:04:20.0668 1076  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:04:20.0668 1076  ProtectedStorage - ok
14:04:20.0730 1076  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:04:20.0730 1076  Psched - ok
14:04:20.0777 1076  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:04:20.0793 1076  ql2300 - ok
14:04:20.0808 1076  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:04:20.0808 1076  ql40xx - ok
14:04:20.0824 1076  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:04:20.0824 1076  QWAVE - ok
14:04:20.0855 1076  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:04:20.0855 1076  QWAVEdrv - ok
14:04:20.0964 1076  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
14:04:20.0964 1076  RapiMgr - ok
14:04:20.0980 1076  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:04:20.0980 1076  RasAcd - ok
14:04:21.0027 1076  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:04:21.0027 1076  RasAgileVpn - ok
14:04:21.0058 1076  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:04:21.0058 1076  RasAuto - ok
14:04:21.0105 1076  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:04:21.0105 1076  Rasl2tp - ok
14:04:21.0151 1076  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:04:21.0151 1076  RasMan - ok
14:04:21.0183 1076  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:04:21.0183 1076  RasPppoe - ok
14:04:21.0229 1076  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:04:21.0229 1076  RasSstp - ok
14:04:21.0292 1076  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:04:21.0292 1076  rdbss - ok
14:04:21.0307 1076  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:04:21.0307 1076  rdpbus - ok
14:04:21.0339 1076  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:04:21.0339 1076  RDPCDD - ok
14:04:21.0385 1076  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:04:21.0385 1076  RDPENCDD - ok
14:04:21.0401 1076  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:04:21.0401 1076  RDPREFMP - ok
14:04:21.0448 1076  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:04:21.0448 1076  RDPWD - ok
14:04:21.0495 1076  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:04:21.0495 1076  rdyboost - ok
14:04:21.0510 1076  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:04:21.0510 1076  RemoteAccess - ok
14:04:21.0573 1076  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:04:21.0573 1076  RemoteRegistry - ok
14:04:21.0573 1076  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:04:21.0588 1076  RpcEptMapper - ok
14:04:21.0604 1076  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:04:21.0619 1076  RpcLocator - ok
14:04:21.0666 1076  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:04:21.0682 1076  RpcSs - ok
14:04:21.0697 1076  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:04:21.0713 1076  rspndr - ok
14:04:21.0760 1076  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
14:04:21.0760 1076  RSUSBSTOR - ok
14:04:21.0775 1076  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:04:21.0775 1076  SamSs - ok
14:04:21.0822 1076  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:04:21.0822 1076  sbp2port - ok
14:04:21.0869 1076  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:04:21.0869 1076  SCardSvr - ok
14:04:21.0900 1076  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:04:21.0916 1076  scfilter - ok
14:04:21.0978 1076  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:04:21.0994 1076  Schedule - ok
14:04:22.0041 1076  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:04:22.0041 1076  SCPolicySvc - ok
14:04:22.0103 1076  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:04:22.0103 1076  SDRSVC - ok
14:04:22.0165 1076  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:04:22.0165 1076  secdrv - ok
14:04:22.0212 1076  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:04:22.0212 1076  seclogon - ok
14:04:22.0228 1076  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:04:22.0228 1076  SENS - ok
14:04:22.0243 1076  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:04:22.0243 1076  SensrSvc - ok
14:04:22.0259 1076  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:04:22.0259 1076  Serenum - ok
14:04:22.0290 1076  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:04:22.0290 1076  Serial - ok
14:04:22.0321 1076  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:04:22.0321 1076  sermouse - ok
14:04:22.0399 1076  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:04:22.0399 1076  SessionEnv - ok
14:04:22.0446 1076  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:04:22.0446 1076  sffdisk - ok
14:04:22.0446 1076  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:04:22.0446 1076  sffp_mmc - ok
14:04:22.0462 1076  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:04:22.0462 1076  sffp_sd - ok
14:04:22.0493 1076  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:04:22.0493 1076  sfloppy - ok
14:04:22.0571 1076  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:04:22.0571 1076  SharedAccess - ok
14:04:22.0633 1076  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:04:22.0633 1076  ShellHWDetection - ok
14:04:22.0680 1076  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:04:22.0680 1076  SiSRaid2 - ok
14:04:22.0680 1076  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:04:22.0696 1076  SiSRaid4 - ok
14:04:22.0696 1076  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:04:22.0711 1076  Smb - ok
14:04:22.0758 1076  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:04:22.0758 1076  SNMPTRAP - ok
14:04:22.0774 1076  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:04:22.0774 1076  spldr - ok
14:04:22.0821 1076  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:04:22.0821 1076  Spooler - ok
14:04:22.0930 1076  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:04:22.0992 1076  sppsvc - ok
14:04:23.0023 1076  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:04:23.0023 1076  sppuinotify - ok
14:04:23.0070 1076  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:04:23.0070 1076  srv - ok
14:04:23.0101 1076  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:04:23.0101 1076  srv2 - ok
14:04:23.0117 1076  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:04:23.0117 1076  srvnet - ok
14:04:23.0179 1076  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:04:23.0195 1076  SSDPSRV - ok
14:04:23.0226 1076  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:04:23.0226 1076  SstpSvc - ok
14:04:23.0242 1076  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:04:23.0242 1076  stexstor - ok
14:04:23.0320 1076  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
14:04:23.0320 1076  StillCam - ok
14:04:23.0367 1076  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:04:23.0367 1076  stisvc - ok
14:04:23.0413 1076  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:04:23.0413 1076  swenum - ok
14:04:23.0445 1076  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:04:23.0445 1076  swprv - ok
14:04:23.0523 1076  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:04:23.0538 1076  SysMain - ok
14:04:23.0585 1076  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:04:23.0585 1076  TabletInputService - ok
14:04:23.0647 1076  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:04:23.0647 1076  TapiSrv - ok
14:04:23.0663 1076  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:04:23.0663 1076  TBS - ok
14:04:23.0757 1076  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:04:29.0965 1076  C:\Windows\System32\ncrypt.dll - ok
14:04:29.0965 1076  [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
14:04:29.0965 1076  C:\Windows\System32\bcrypt.dll - ok
14:04:29.0981 1076  [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
14:04:29.0981 1076  C:\Windows\System32\msprivs.dll - ok
14:04:29.0981 1076  [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
14:04:29.0981 1076  C:\Windows\System32\netjoin.dll - ok
14:04:29.0981 1076  [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
14:04:29.0981 1076  C:\Windows\System32\negoexts.dll - ok
14:04:29.0981 1076  [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
14:04:29.0981 1076  C:\Windows\System32\kerberos.dll - ok
14:04:29.0997 1076  [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
14:04:29.0997 1076  C:\Windows\System32\cryptsp.dll - ok
14:04:29.0997 1076  [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
14:04:29.0997 1076  C:\Windows\System32\mswsock.dll - ok
14:04:29.0997 1076  [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
14:04:29.0997 1076  C:\Windows\System32\msv1_0.dll - ok
14:04:29.0997 1076  [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
14:04:29.0997 1076  C:\Windows\System32\wship6.dll - ok
14:04:30.0028 1076  [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
14:04:30.0028 1076  C:\Windows\System32\netlogon.dll - ok
14:04:30.0059 1076  [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
14:04:30.0059 1076  C:\Windows\System32\dnsapi.dll - ok
14:04:30.0059 1076  [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
14:04:30.0059 1076  C:\Windows\System32\logoncli.dll - ok
14:04:30.0075 1076  [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
14:04:30.0075 1076  C:\Windows\System32\schannel.dll - ok
14:04:30.0075 1076  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
14:04:30.0075 1076  C:\Windows\System32\wdigest.dll - ok
14:04:30.0075 1076  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
14:04:30.0075 1076  C:\Windows\System32\rsaenh.dll - ok
14:04:30.0075 1076  [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
14:04:30.0075 1076  C:\Windows\System32\TSpkg.dll - ok
14:04:30.0106 1076  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
14:04:30.0106 1076  C:\Windows\System32\pku2u.dll - ok
14:04:30.0106 1076  [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL
14:04:30.0106 1076  C:\Windows\System32\LIVESSP.DLL - ok
14:04:30.0106 1076  [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
14:04:30.0106 1076  C:\Windows\System32\bcryptprimitives.dll - ok
14:04:30.0106 1076  [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
14:04:30.0106 1076  C:\Windows\System32\credssp.dll - ok
14:04:30.0121 1076  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
14:04:30.0121 1076  C:\Windows\System32\efslsaext.dll - ok
14:04:30.0121 1076  [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
14:04:30.0121 1076  C:\Windows\System32\scecli.dll - ok
14:04:30.0121 1076  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
14:04:30.0121 1076  C:\Windows\System32\ubpm.dll - ok
14:04:30.0121 1076  [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
14:04:30.0121 1076  C:\Windows\System32\svchost.exe - ok
14:04:30.0137 1076  [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
14:04:30.0137 1076  C:\Windows\System32\umpnpmgr.dll - ok
14:04:30.0137 1076  [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
14:04:30.0137 1076  C:\Windows\System32\SPInf.dll - ok
14:04:30.0137 1076  [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
14:04:30.0137 1076  C:\Windows\System32\devrtl.dll - ok
14:04:30.0137 1076  [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
14:04:30.0137 1076  C:\Windows\System32\gpapi.dll - ok
14:04:30.0153 1076  [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
14:04:30.0153 1076  C:\Windows\System32\userenv.dll - ok
14:04:30.0153 1076  [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
14:04:30.0153 1076  C:\Windows\System32\pcwum.dll - ok
14:04:30.0153 1076  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
14:04:30.0153 1076  C:\Windows\System32\umpo.dll - ok
14:04:30.0153 1076  [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
14:04:30.0153 1076  C:\Windows\System32\powrprof.dll - ok
14:04:30.0153 1076  [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
14:04:30.0153 1076  C:\Windows\System32\rpcss.dll - ok
14:04:30.0184 1076  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
14:04:30.0184 1076  C:\Windows\System32\RpcEpMap.dll - ok
14:04:30.0184 1076  [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
14:04:30.0184 1076  C:\Windows\System32\wshqos.dll - ok
14:04:30.0184 1076  [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
14:04:30.0184 1076  C:\Windows\System32\WSHTCPIP.DLL - ok
14:04:30.0215 1076  [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
14:04:30.0215 1076  C:\Windows\System32\FirewallAPI.dll - ok
14:04:30.0215 1076  [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
14:04:30.0215 1076  C:\Windows\System32\LogonUI.exe - ok
14:04:30.0215 1076  [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
14:04:30.0215 1076  C:\Windows\System32\authui.dll - ok
14:04:30.0215 1076  [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
14:04:30.0215 1076  C:\Windows\System32\version.dll - ok
14:04:30.0246 1076  [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
14:04:30.0246 1076  C:\Windows\System32\wevtsvc.dll - ok
14:04:30.0246 1076  [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
14:04:30.0246 1076  C:\Windows\System32\cryptui.dll - ok
14:04:30.0246 1076  [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
14:04:30.0246 1076  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
14:04:30.0262 1076  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
14:04:30.0262 1076  C:\Windows\System32\profsvc.dll - ok
14:04:30.0262 1076  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
14:04:30.0262 1076  C:\Windows\System32\wlansvc.dll - ok
14:04:30.0262 1076  [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
14:04:30.0262 1076  C:\Windows\System32\adtschema.dll - ok
14:04:30.0262 1076  [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
14:04:30.0262 1076  C:\Windows\System32\atl.dll - ok
14:04:30.0262 1076  [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
14:04:30.0262 1076  C:\Windows\System32\drivers\ndisuio.sys - ok
14:04:30.0277 1076  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
14:04:30.0277 1076  C:\Windows\System32\drivers\nwifi.sys - ok
14:04:30.0277 1076  [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
14:04:30.0277 1076  C:\Windows\System32\lmhsvc.dll - ok
14:04:30.0277 1076  [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
14:04:30.0277 1076  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
14:04:30.0277 1076  [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
14:04:30.0277 1076  C:\Windows\System32\IPHLPAPI.DLL - ok
14:04:30.0293 1076  [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
14:04:30.0293 1076  C:\Windows\System32\nsisvc.dll - ok
14:04:30.0293 1076  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
14:04:30.0293 1076  C:\Windows\System32\dhcpcore.dll - ok
14:04:30.0293 1076  [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
14:04:30.0293 1076  C:\Windows\System32\nrpsrv.dll - ok
14:04:30.0293 1076  [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
14:04:30.0293 1076  C:\Windows\System32\winnsi.dll - ok
14:04:30.0324 1076  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
14:04:30.0324 1076  C:\Windows\System32\dnsrslvr.dll - ok
14:04:30.0324 1076  [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
14:04:30.0324 1076  C:\Windows\System32\eapphost.dll - ok
14:04:30.0324 1076  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
14:04:30.0324 1076  C:\Windows\System32\eapsvc.dll - ok
14:04:30.0340 1076  [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
14:04:30.0340 1076  C:\Windows\System32\keyiso.dll - ok
14:04:30.0340 1076  [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
14:04:30.0340 1076  C:\Windows\System32\dhcpcore6.dll - ok
14:04:30.0340 1076  [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
14:04:30.0340 1076  C:\Windows\System32\FWPUCLNT.DLL - ok
14:04:30.0340 1076  [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
14:04:30.0340 1076  C:\Windows\System32\dhcpcsvc.dll - ok
14:04:30.0340 1076  [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
14:04:30.0340 1076  C:\Windows\System32\dnsext.dll - ok
14:04:30.0355 1076  [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
14:04:30.0355 1076  C:\Windows\System32\umb.dll - ok
14:04:30.0355 1076  [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
14:04:30.0355 1076  C:\Windows\System32\wtsapi32.dll - ok
14:04:30.0355 1076  [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
14:04:30.0355 1076  C:\Windows\System32\dsrole.dll - ok
14:04:30.0355 1076  [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
14:04:30.0355 1076  C:\Windows\System32\wlanmsm.dll - ok
14:04:30.0371 1076  [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
14:04:30.0371 1076  C:\Windows\System32\dhcpcsvc6.dll - ok
14:04:30.0371 1076  [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
14:04:30.0371 1076  C:\Windows\System32\wlansec.dll - ok
14:04:30.0371 1076  [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
14:04:30.0371 1076  C:\Windows\System32\eappcfg.dll - ok
14:04:30.0371 1076  [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
14:04:30.0371 1076  C:\Windows\System32\eappprxy.dll - ok
14:04:30.0402 1076  [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
14:04:30.0402 1076  C:\Windows\System32\onex.dll - ok
14:04:30.0402 1076  [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
14:04:30.0402 1076  C:\Windows\System32\l2gpstore.dll - ok
14:04:30.0402 1076  [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
14:04:30.0402 1076  C:\Windows\System32\WinSCard.dll - ok
14:04:30.0402 1076  [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
14:04:30.0402 1076  C:\Windows\System32\wlanutil.dll - ok
14:04:30.0418 1076  [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
14:04:30.0418 1076  C:\Windows\System32\wlgpclnt.dll - ok
14:04:30.0418 1076  [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
14:04:30.0418 1076  C:\Windows\System32\msxml6.dll - ok
14:04:30.0418 1076  [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
14:04:30.0418 1076  C:\Windows\System32\BFE.DLL - ok
14:04:30.0418 1076  [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
14:04:30.0418 1076  C:\Windows\System32\slc.dll - ok
14:04:30.0433 1076  [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
14:04:30.0433 1076  C:\Windows\System32\drivers\bowser.sys - ok
14:04:30.0433 1076  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
14:04:30.0433 1076  C:\Windows\System32\drivers\mpsdrv.sys - ok
14:04:30.0433 1076  [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
14:04:30.0433 1076  C:\Windows\System32\drivers\mrxsmb.sys - ok
14:04:30.0433 1076  [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
14:04:30.0433 1076  C:\Windows\System32\drivers\mrxsmb10.sys - ok
14:04:30.0449 1076  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
14:04:30.0449 1076  C:\Windows\System32\drivers\mrxsmb20.sys - ok
14:04:30.0449 1076  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
14:04:30.0449 1076  C:\Windows\System32\MPSSVC.dll - ok
14:04:30.0449 1076  [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
14:04:30.0449 1076  C:\Windows\System32\netutils.dll - ok
14:04:30.0449 1076  [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
14:04:30.0449 1076  C:\Windows\System32\wkssvc.dll - ok
14:04:30.0480 1076  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
14:04:30.0480 1076  C:\Windows\System32\cryptsvc.dll - ok
14:04:30.0480 1076  [ 7F8E83B9466A0A002D4AB15C104062A7 ] C:\Windows\System32\efscore.dll
14:04:30.0480 1076  C:\Windows\System32\efscore.dll - ok
14:04:30.0480 1076  [ 0C043B0ABBB5E14E68906AB80365395B ] C:\Windows\System32\efssvc.dll
14:04:30.0480 1076  C:\Windows\System32\efssvc.dll - ok
14:04:30.0480 1076  [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
14:04:30.0480 1076  C:\Windows\System32\IKEEXT.DLL - ok
14:04:30.0496 1076  [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
14:04:30.0496 1076  C:\Windows\System32\wfapigp.dll - ok
14:04:30.0496 1076  [ 58283053C781AD3A579C95D7765C1FA0 ] C:\Windows\System32\efsutil.dll
14:04:30.0496 1076  C:\Windows\System32\efsutil.dll - ok
14:04:30.0496 1076  [ 0ADC83218B66A6DB380C330836F3E36D ] C:\Windows\System32\drivers\fastfat.sys
14:04:30.0496 1076  C:\Windows\System32\drivers\fastfat.sys - ok
14:04:30.0496 1076  [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
14:04:30.0496 1076  C:\Windows\System32\cryptnet.dll - ok
14:04:30.0511 1076  [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
14:04:30.0511 1076  C:\Windows\System32\nlasvc.dll - ok
14:04:30.0511 1076  [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
14:04:30.0511 1076  C:\Windows\System32\mscms.dll - ok
14:04:30.0511 1076  [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
14:04:30.0511 1076  C:\Windows\System32\ncsi.dll - ok
14:04:30.0511 1076  [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
14:04:30.0511 1076  C:\Windows\System32\winhttp.dll - ok
14:04:30.0527 1076  [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
14:04:30.0527 1076  C:\Windows\System32\webio.dll - ok
14:04:30.0527 1076  [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
14:04:30.0527 1076  C:\Windows\System32\netcfgx.dll - ok
14:04:30.0527 1076  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] C:\Windows\System32\drivers\vwifimp.sys
14:04:30.0527 1076  C:\Windows\System32\drivers\vwifimp.sys - ok
14:04:30.0527 1076  [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
14:04:30.0527 1076  C:\Windows\System32\pcasvc.dll - ok
14:04:30.0558 1076  [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
14:04:30.0558 1076  C:\Windows\System32\snmptrap.exe - ok
14:04:30.0558 1076  [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
14:04:30.0558 1076  C:\Windows\System32\ssdpapi.dll - ok
14:04:30.0558 1076  [ 233A10D4B3F6897899112E4EC60F1906 ] C:\Windows\WindowsMobile\wmdcBase.exe
14:04:30.0558 1076  C:\Windows\WindowsMobile\wmdcBase.exe - ok
14:04:30.0558 1076  [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
14:04:30.0558 1076  C:\Windows\System32\wkscli.dll - ok
14:04:30.0574 1076  [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
14:04:30.0574 1076  C:\Windows\System32\samlib.dll - ok
14:04:30.0574 1076  [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
14:04:30.0574 1076  C:\Windows\System32\shacct.dll - ok
14:04:30.0574 1076  [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
14:04:30.0574 1076  C:\Windows\System32\propsys.dll - ok
14:04:30.0574 1076  [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
14:04:30.0574 1076  C:\Windows\System32\uxtheme.dll - ok
14:04:30.0589 1076  [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
14:04:30.0589 1076  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
14:04:30.0589 1076  [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
14:04:30.0589 1076  C:\Windows\System32\dui70.dll - ok
14:04:30.0589 1076  [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
14:04:30.0589 1076  C:\Windows\System32\duser.dll - ok
14:04:30.0589 1076  [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
14:04:30.0589 1076  C:\Windows\System32\SndVolSSO.dll - ok
14:04:30.0605 1076  [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
14:04:30.0605 1076  C:\Windows\System32\hid.dll - ok
14:04:30.0605 1076  [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
14:04:30.0605 1076  C:\Windows\System32\MMDevAPI.dll - ok
14:04:30.0605 1076  [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
14:04:30.0605 1076  C:\Windows\System32\dwmapi.dll - ok
14:04:30.0605 1076  [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
14:04:30.0605 1076  C:\Windows\System32\xmllite.dll - ok
14:04:30.0605 1076  [ BDDF242A49E7B7DC5CCEC291BCE53ACB ] C:\Windows\System32\WindowsCodecs.dll
14:04:30.0605 1076  C:\Windows\System32\WindowsCodecs.dll - ok
14:04:30.0636 1076  [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
14:04:30.0636 1076  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
14:04:30.0636 1076  [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
14:04:30.0636 1076  C:\Windows\System32\winbrand.dll - ok
14:04:30.0636 1076  [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
14:04:30.0636 1076  C:\Windows\System32\VaultCredProvider.dll - ok
14:04:30.0652 1076  [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
14:04:30.0652 1076  C:\Windows\System32\UXInit.dll - ok
14:04:30.0652 1076  [ 10EAB90C1AE8271B5FE5A8930987EE5C ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
14:04:30.0652 1076  C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
14:04:30.0652 1076  [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
14:04:30.0652 1076  C:\Windows\System32\ntmarta.dll - ok
14:04:30.0652 1076  [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
14:04:30.0652 1076  C:\Windows\System32\provsvc.dll - ok
14:04:30.0667 1076  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
14:04:30.0667 1076  C:\Windows\System32\sstpsvc.dll - ok
14:04:30.0667 1076  [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
14:04:30.0667 1076  C:\Windows\System32\samcli.dll - ok
14:04:30.0667 1076  [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
14:04:30.0667 1076  C:\Windows\System32\imageres.dll - ok
14:04:30.0667 1076  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
14:04:30.0667 1076  C:\Windows\System32\netprofm.dll - ok
14:04:30.0699 1076  [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
14:04:30.0699 1076  C:\Windows\System32\wbem\WMIsvc.dll - ok
14:04:30.0699 1076  [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
14:04:30.0699 1076  C:\Windows\System32\drivers\fltMgr.sys - ok
14:04:30.0699 1076  [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
14:04:30.0699 1076  C:\Windows\System32\PSHED.DLL - ok
14:04:30.0699 1076  [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
14:04:30.0699 1076  C:\Windows\System32\wbemcomn.dll - ok
14:04:30.0714 1076  [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
14:04:30.0714 1076  C:\Windows\System32\wbem\WinMgmtR.dll - ok
14:04:30.0714 1076  [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
14:04:30.0714 1076  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
14:04:30.0714 1076  [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
14:04:30.0714 1076  C:\Windows\System32\wbem\fastprox.dll - ok
14:04:30.0714 1076  [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
14:04:30.0714 1076  C:\Windows\System32\ntdsapi.dll - ok
14:04:30.0730 1076  [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
14:04:30.0730 1076  C:\Windows\System32\wbem\wbemprox.dll - ok
14:04:30.0730 1076  [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
14:04:30.0730 1076  C:\Windows\System32\vpnikeapi.dll - ok
14:04:30.0730 1076  [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
14:04:30.0730 1076  C:\Windows\System32\vssapi.dll - ok
14:04:30.0730 1076  [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
14:04:30.0730 1076  C:\Windows\System32\vsstrace.dll - ok
14:04:30.0745 1076  [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
14:04:30.0745 1076  C:\Windows\System32\wbem\wbemcore.dll - ok
14:04:30.0745 1076  [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
14:04:30.0745 1076  C:\Windows\System32\wbem\esscli.dll - ok
14:04:30.0745 1076  [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
14:04:30.0745 1076  C:\Windows\System32\wbem\wbemsvc.dll - ok
14:04:30.0745 1076  [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
14:04:30.0745 1076  C:\Windows\System32\wbem\wmiutils.dll - ok
14:04:30.0777 1076  [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
14:04:30.0777 1076  C:\Windows\System32\wbem\repdrvfs.dll - ok
14:04:30.0777 1076  [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
14:04:30.0777 1076  C:\Windows\System32\wbem\WmiPrvSD.dll - ok
14:04:30.0777 1076  [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
14:04:30.0777 1076  C:\Windows\System32\ncobjapi.dll - ok
14:04:30.0777 1076  [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
14:04:30.0777 1076  C:\Windows\System32\wbem\wbemess.dll - ok
14:04:30.0792 1076  [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
14:04:30.0792 1076  C:\Windows\System32\dllhost.exe - ok
14:04:30.0792 1076  [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
14:04:30.0792 1076  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
14:04:30.0792 1076  [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
14:04:30.0792 1076  C:\Windows\System32\IDStore.dll - ok
14:04:30.0792 1076  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
14:04:30.0792 1076  C:\Windows\System32\IPSECSVC.DLL - ok
14:04:30.0808 1076  [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
14:04:30.0808 1076  C:\Windows\System32\FwRemoteSvr.dll - ok
14:04:30.0808 1076  [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
14:04:30.0808 1076  C:\Windows\System32\AtBroker.exe - ok
14:04:30.0808 1076  [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
14:04:30.0808 1076  C:\Windows\System32\mpr.dll - ok
14:04:30.0808 1076  [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
14:04:30.0808 1076  C:\Windows\explorer.exe - ok
14:04:30.0839 1076  [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
14:04:30.0839 1076  C:\Windows\System32\userinit.exe - ok
14:04:30.0870 1076  [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
14:04:30.0870 1076  C:\Windows\System32\ExplorerFrame.dll - ok
14:04:30.0870 1076  [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
14:04:30.0870 1076  C:\Windows\System32\apphelp.dll - ok
14:04:30.0886 1076  [ 5877A3341AA7DF58789294CEBA38AE2B ] C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
14:04:30.0886 1076  C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll - ok
14:04:30.0901 1076  [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
14:04:30.0901 1076  C:\Windows\System32\dbghelp.dll - ok
14:04:30.0901 1076  [ BE165318E0052A91F7EA36F515B5F2B1 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcp90.dll
14:04:30.0901 1076  C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcp90.dll - ok
14:04:30.0917 1076  [ 0D7BE936A44E6B70F822D272A5CEBC22 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll
14:04:30.0917 1076  C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll - ok
14:04:30.0917 1076  [ 513505892E55B392B3E5B7C9A5E9F5DE ] C:\Program Files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
14:04:30.0917 1076  C:\Program Files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll - ok
14:04:30.0917 1076  [ CB0B52D8854BED5F67781D52A8723922 ] C:\Program Files (x86)\EgisTec MyWinLocker\x64\sysenv.dll
14:04:30.0917 1076  C:\Program Files (x86)\EgisTec MyWinLocker\x64\sysenv.dll - ok
14:04:30.0917 1076  [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
14:04:30.0917 1076  C:\Windows\System32\netapi32.dll - ok
14:04:30.0933 1076  [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
14:04:30.0933 1076  C:\Windows\System32\EhStorShell.dll - ok
14:04:30.0933 1076  [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
14:04:30.0933 1076  C:\Windows\System32\ntshrui.dll - ok
14:04:30.0933 1076  [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
14:04:30.0933 1076  C:\Windows\System32\cscapi.dll - ok
14:04:30.0933 1076  [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
14:04:30.0933 1076  C:\Windows\System32\IconCodecService.dll - ok
14:04:30.0933 1076  [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
14:04:30.0933 1076  C:\Windows\System32\runonce.exe - ok
14:04:30.0948 1076  [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
14:04:30.0948 1076  C:\Windows\SysWOW64\ntdll.dll - ok
14:04:30.0948 1076  [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
14:04:30.0948 1076  C:\Windows\SysWOW64\runonce.exe - ok
14:04:30.0948 1076  [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
14:04:30.0948 1076  C:\Windows\System32\wow64.dll - ok
14:04:30.0948 1076  [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
14:04:30.0948 1076  C:\Windows\System32\wow64win.dll - ok
14:04:30.0979 1076  [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
14:04:30.0979 1076  C:\Windows\System32\wow64cpu.dll - ok
14:04:30.0979 1076  [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
14:04:30.0979 1076  C:\Windows\SysWOW64\kernel32.dll - ok
14:04:31.0900 1076  ============================================================
14:04:31.0900 1076  Scan finished
14:04:31.0900 1076  ============================================================
14:04:31.0900 1468  Detected object count: 1
14:04:31.0900 1468  Actual detected object count: 1
14:06:44.0874 1468  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:06:44.0874 1468  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-12 14:14:22
-----------------------------
14:14:22.376    OS Version: Windows x64 6.1.7601 Service Pack 1
14:14:22.376    Number of processors: 2 586 0x2505
14:14:22.376    ComputerName: DEB-PC  UserName: Deb
14:14:23.593    Initialize success
14:15:46.211    AVAST engine defs: 13031200
14:17:47.782    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:17:47.782    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
14:17:47.798    Disk 0 MBR read successfully
14:17:47.798    Disk 0 MBR scan
14:17:47.798    Disk 0 Windows 7 default MBR code
14:17:47.829    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14336 MB offset 2048
14:17:47.844    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 29362176
14:17:47.860    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       462502 MB offset 29566976
14:17:47.876    Disk 0 scanning C:\Windows\system32\drivers
14:17:58.218    Service scanning
14:18:27.749    Modules scanning
14:18:27.749    Disk 0 trace - called modules:
14:18:27.765    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
14:18:27.780    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800510f060]
14:18:27.780    3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f8f050]
14:18:28.716    AVAST engine scan C:\Windows
14:18:31.524    AVAST engine scan C:\Windows\system32
14:21:12.486    AVAST engine scan C:\Windows\system32\drivers
14:21:24.622    AVAST engine scan C:\Users\Deb
14:48:58.163    AVAST engine scan C:\ProgramData
14:57:29.501    Scan finished successfully
15:05:15.083    Disk 0 MBR has been saved successfully to "F:\malware\MBR.dat"
15:05:15.692    The log file has been saved successfully to "F:\malware\aswMBR_Report.txt"
 
C:\Users\All Users\egidPXEnjJF.exe a variant of Win32/Kryptik.AWOB trojan
C:\ProgramData\egidPXEnjJF.exe a variant of Win32/Kryptik.AWOB trojan cleaned by deleting - quarantined
C:\Users\Deb\AppData\Local\Temp\ojtn3i4kwu0fmbyotr.exe a variant of Win32/Kryptik.AWOB trojan cleaned by deleting - quarantined
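
Added example, not part of the original post and not Kaspersky's code: a small Python triage script for logs in the TDSSKiller format seen in this post. It drops the per-file `- ok` lines, keeps the hash for each path, and surfaces the detection summary plus any object left in place by a Skip action. The function names and the embedded sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines in the TDSSKiller log format seen in this post.
SAMPLE_LOG = r"""
14:04:31.0681 1076  [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Deb\Desktop\tdsskiller\TDSSKiller.exe
14:04:31.0681 1076  C:\Users\Deb\Desktop\tdsskiller\TDSSKiller.exe - ok
14:04:31.0822 1076  [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
14:04:31.0822 1076  C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
14:04:31.0884 1076  [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
14:04:31.0884 1076  C:\Windows\System32\wmp.dll - ok
14:04:31.0900 1076  ============================================================
14:04:31.0900 1076  Scan finished
14:04:31.0900 1076  ============================================================
14:04:31.0900 1468  Detected object count: 1
14:04:31.0900 1468  Actual detected object count: 1
14:06:44.0874 1468  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:06:44.0874 1468  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
"""

# Every log line is "HH:MM:SS.ffff <thread id>  <message>".
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+)$")        # "[ MD5 ] path"
FILE_OK = re.compile(r"^(.+) - ok$")                           # "path - ok"
COUNT = re.compile(r"^(Actual detected|Detected) object count: (\d+)$")
FINDING = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")            # "Name ( Verdict ) - note"
NOISE = re.compile(r"^(=+|Scan finished)$")


def triage(log_text):
    """Reduce a TDSSKiller-style log to the parts a helper needs to read."""
    report = {
        "hashes": {},           # path -> MD5 as logged
        "ok": 0,                # number of "- ok" verdict lines
        "ok_without_hash": [],  # "- ok" paths that never had a hash line
        "detected": None,       # "Detected object count"
        "actual": None,         # "Actual detected object count"
        "findings": {},         # (name, verdict) -> list of notes
        "unparsed": [],         # anything unrecognised, kept for manual review
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            report["unparsed"].append(line)
            continue
        msg = m.group(3).strip()
        if NOISE.match(msg):
            continue
        hashed = HASHED.match(msg)
        if hashed:
            report["hashes"][hashed.group(2)] = hashed.group(1).upper()
            continue
        ok = FILE_OK.match(msg)
        if ok:
            report["ok"] += 1
            if ok.group(1) not in report["hashes"]:
                report["ok_without_hash"].append(ok.group(1))
            continue
        count = COUNT.match(msg)
        if count:
            key = "detected" if count.group(1) == "Detected" else "actual"
            report[key] = int(count.group(2))
            continue
        finding = FINDING.match(msg)
        if finding:
            key = (finding.group(1), finding.group(2))
            report["findings"].setdefault(key, []).append(finding.group(3))
            continue
        # Never drop a line silently: an unknown verdict is worth a human look.
        report["unparsed"].append(msg)
    return report


def unresolved(report):
    """Findings whose logged action was a skip, i.e. the object was left in place."""
    return sorted(
        key for key, notes in report["findings"].items()
        if any("skip" in note.lower() for note in notes)
    )


def count_mismatch(report):
    """True when the summary count disagrees with the findings actually listed."""
    return report["detected"] is not None and report["detected"] != len(report["findings"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("files ok:", result["ok"], "| detected:", result["detected"])
    for name, verdict in unresolved(result):
        print("left in place:", name, "->", verdict)
    print("needs manual review:", result["unparsed"] or "nothing")
```
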
 


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:49 PM

Posted 13 March 2013 - 12:11 AM

Reboot to normal mode now

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#9 happydeb

happydeb
  • Topic Starter


Posted 13 March 2013 - 03:09 AM

Okay, that kept me busy for a while. First I just want to say thank you so much! :bananas: You not only helped me to resolve my fatal error but everything else that has been making me :devil: and want to :smash: . I can pretty much resolve. No more expensive resource hogs posing as malware detectors that are almost worse than malware! So I just want to say :flowers:  :flowers: . Really. Deb

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Deb (administrator) on 12-03-2013 at 23:58:33
Running from "C:\Users\Deb\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Deb-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 02-F4-6A-84-10-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 18-F4-6A-84-10-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1450:72a3:4396:dc4%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 12, 2013 11:34:27 PM
   Lease Expires . . . . . . . . . . : Saturday, April 19, 2149 6:26:58 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 219739242
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-96-3A-14-1C-75-08-4A-0A-D3
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 1C-75-08-4A-0A-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1cec:1365:b738:6f7c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1cec:1365:b738:6f7c%18(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4007:800::1004
   74.125.239.1
   74.125.239.2
   74.125.239.3
   74.125.239.4
   74.125.239.5
   74.125.239.6
   74.125.239.7
   74.125.239.8
   74.125.239.9
   74.125.239.14
   74.125.239.0


Pinging google.com [74.125.239.1] with 32 bytes of data:
Reply from 74.125.239.1: bytes=32 time=40ms TTL=55
Reply from 74.125.239.1: bytes=32 time=42ms TTL=55

Ping statistics for 74.125.239.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 42ms, Average = 41ms
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=505ms TTL=52
Reply from 98.139.183.24: bytes=32 time=443ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 443ms, Maximum = 505ms, Average = 474ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...02 f4 6a 84 10 ef ......Microsoft Virtual WiFi Miniport Adapter
 11...18 f4 6a 84 10 ef ......Atheros AR5B97 Wireless Network Adapter
 10...1c 75 08 4a 0a d3 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.4    281
      192.168.2.4  255.255.255.255         On-link       192.168.2.4    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 18     58 2001::/32                On-link
 18    306 2001:0:9d38:6ab8:1cec:1365:b738:6f7c/128
                                    On-link
 11    281 fe80::/64                On-link
 18    306 fe80::/64                On-link
 11    281 fe80::1450:72a3:4396:dc4/128
                                    On-link
 18    306 fe80::1cec:1365:b738:6f7c/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/12/2013 11:08:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2013 02:11:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2013 01:59:14 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Error: (03/12/2013 01:09:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2013 09:27:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2013 09:26:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2013 06:02:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (03/11/2013 04:06:03 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {59807748-98b8-40ed-b551-65a6a5b7237a}

Error: (03/09/2013 07:58:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12636

Error: (03/09/2013 07:58:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12636


System errors:
=============
Error: (03/12/2013 11:35:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/12/2013 11:35:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/12/2013 11:29:52 PM) (Source: Service Control Manager) (User: )
Description: The XoftSpyService service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/12/2013 11:07:35 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/12/2013 11:07:35 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/12/2013 11:08:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\malware\esetsmartinstaller_enu.exe

Error: (03/12/2013 02:11:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\malware\esetsmartinstaller_enu.exe

Error: (03/12/2013 01:59:14 PM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x8007043c

Error: (03/12/2013 01:09:49 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\malware\esetsmartinstaller_enu.exe

Error: (03/11/2013 09:27:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deb\Desktop\esetsmartinstaller_enu.exe

Error: (03/11/2013 09:26:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\malware\esetsmartinstaller_enu.exe

Error: (03/11/2013 06:02:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (03/11/2013 04:06:03 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {59807748-98b8-40ed-b551-65a6a5b7237a}

Error: (03/09/2013 07:58:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12636

Error: (03/09/2013 07:58:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12636


=========================== Installed Programs ============================

18 Wheels of Steel - American Long Haul (Version: 2.2.0.95)
7-zip v9.20 (Version: v9.20)
Acer Backup Manager (Version: 2.0.0.68)
Acer Crystal Eye Webcam (Version: 5.3.30.1)
Acer ePower Management (Version: 5.00.3005)
Acer eRecovery Management (Version: 4.05.3013)
Acer Game Console
Acer Games (Version: 1.0.1.3)
Acer Registration (Version: 1.03.3003)
Acer ScreenSaver (Version: 1.1.0707.2010)
Acer Updater (Version: 1.02.3001)
Acrobat.com (Version: 1.6.65)
AddThis Toolbar (Version: 1.658)
Adobe Acrobat  9 Standard (Version: 9.5.4)
Adobe Acrobat 9.5.4 - CPSID_83708
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
Akamai NetSession Interface
Akamai NetSession Interface Service
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros WLAN and Bluetooth Client Installation Program (Version: 9.0)
Backup Manager Basic (Version: 2.0.0.68)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.1.361.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bluetooth Win7 Suite (64) (Version: 7.02.000.6)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
Brother MFL-Pro Suite MFC-J6710DW (Version: 1.0.27.0)
Build-a-lot 2 (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CNDDB RareFind 3 Commercial (Version: 3.01.01)
CyberLink PowerDVD 9 (Version: 9.0.3216.50)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DNRGarmin (Version: 5.04.0001)
Dora's Carnival Adventure (Version: 2.2.0.95)
Dropbox (Version: 1.6.16)
eBay Worldwide (Version: 2.1.0901)
eMusic Download Manager (Version: 5.0.5)
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
eSobi v2 (Version: 2.0.4.000274)
ETDWare PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5)
FATE (Version: 2.2.0.95)
GEPath 1.4.4a
Google Chrome (Version: 25.0.1364.152)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 3.15.2.12038)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
High-Definition Video Playback (Version: 11.1.11500.4.273)
iCloud (Version: 2.1.1.3)
Identity Card (Version: 1.00.3003)
InstallIQ Updater (Version: 1.4.3.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Processor Graphics (Version: 8.15.10.2622)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.0 (Version: 2.1.0)
Jewel Quest - Heritage (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 4.0.14)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MusicOasis (Version: 1.0.3)
MyWinLocker (Version: 3.1.212.0)
MyWinLocker Suite (Version: 3.1.212.0)
Nero 10 Menu TemplatePack Basic (Version: 10.6.10000.0.0)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 10 (Version: 5.8.10600.6.100)
Nero BackItUp 10 Help (CHM) (Version: 10.6.10600)
Nero Burning ROM 10 (Version: 10.6.10700.5.100)
Nero BurningROM 10 Help (CHM) (Version: 10.6.10600)
Nero BurnRights 10 (Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (Version: 10.6.10600)
Nero Control Center 10 (Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (Version: 10.6.10700)
Nero Core Components 10 (Version: 2.0.19900.9.11)
Nero CoverDesigner 10 (Version: 5.6.10600.4.100)
Nero CoverDesigner 10 Help (CHM) (Version: 10.6.10600)
Nero DiscSpeed 10 (Version: 6.4.10500.1.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.6.10600)
Nero Express 10 (Version: 10.6.10800.6.100)
Nero Express 10 Help (CHM) (Version: 10.6.10600)
Nero InfoTool 10 (Version: 7.4.10300.1.100)
Nero InfoTool 10 Help (CHM) (Version: 10.6.10600)
Nero Kwik Media (Version: 1.6.16600.75.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10300)
Nero Multimedia Suite 10 (Version: 10.6.11300)
Nero PhotoShow Express (Version: 3.0)
Nero Recode 10 (Version: 4.10.10700.5.100)
Nero Recode 10 Help (CHM) (Version: 10.6.10600)
Nero RescueAgent 10 (Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.6.10700)
Nero SoundTrax 10 (Version: 4.10.10500.4.100)
Nero SoundTrax 10 Help (CHM) (Version: 10.6.10600)
Nero StartSmart 10 (Version: 10.6.10500.3.100)
Nero StartSmart 10 Help (CHM) (Version: 10.6.10600)
Nero Suite
Nero Update (Version: 11.0.11500.28.0)
Nero Vision 10 (Version: 7.4.11000.9.100)
Nero Vision 10 Help (CHM) (Version: 10.6.10600)
Nero WaveEditor 10 (Version: 5.10.10700.6.100)
Nero WaveEditor 10 Help (CHM) (Version: 10.6.10600)
NOOK for PC (Version: 2.5.1.237)
Norton Online Backup (Version: 2.1.17869)
NTI Media Maker 9 (Version: 9.0.2.8939)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
Paint.NET v3.5.8 (Version: 3.58.0)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
Penguins! (Version: 2.2.0.95)
Picasa 3 (Version: 3.8)
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Quicken 2009 (Version: 18.1.1.29)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30122)
Scansoft PDF Professional
Shredder (Version: 2.0.8.3)
Times Reader (Version: 2.055)
TweakGDS version 1.1.3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VLC media player 2.0.1 (Version: 2.0.1)
Welcome Center (Version: 1.02.3005)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
XoftSpySE (Version: 7.0.1.0)
Zuma's Revenge (Version: 2.2.0.95)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3766.71 MB
Available physical RAM: 2226.54 MB
Total Pagefile: 7531.61 MB
Available Pagefile: 5873.69 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.3 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:155.05 GB) NTFS
3 Drive e: () (Removable) (Total:14.83 GB) (Free:14.3 GB) FAT32
4 Drive f: () (Removable) (Total:1.94 GB) (Free:0.51 GB) FAT

========================= Users: ========================================

User accounts for \\DEB-PC

Administrator            Deb                      Guest                   


**** End of log ****

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/13/2013 01:00:38 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Deb\Desktop\rkill\rkill-03-13-2013-01-00-42.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/13/2013 01:01:00 AM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "BrStsMon00" "Brother Status Monitor Application" "Brother Industries, Ltd." "c:\program files (x86)\browny02\brother\brstmonw.exe"
+ "ControlCenter4" "ControlCenter Launcher" "Brother Industries, Ltd." "c:\program files (x86)\controlcenter4\brccboot.exe"
+ "IndexSearch" "PaperPort IndexSearch" "Nuance Communications, Inc." "c:\program files (x86)\nuance\paperport\indexsearch.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "LManager" "Launch Manager" "Dritek System Inc." "c:\program files (x86)\launch manager\lmanager.exe"
+ "NBAgent" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 10\nero backitup\nbagent.exe"
+ "PaperPort PTD" "PaperPort Print to Desktop for NT" "Nuance Communications, Inc." "c:\program files (x86)\nuance\paperport\pptd40nt.exe"
+ "PDF5 Registry Controller" "PDF Converter Registry Controller" "Nuance Communications, Inc." "c:\program files (x86)\nuance\pdf viewer plus\registrycontroller.exe"
+ "PDFHook" "PdfCreateHook Application" "Nuance Communications, Inc." "c:\program files (x86)\nuance\pdf viewer plus\pdfpro5hook.exe"
+ "PPort12reminder" "Ereg" "Nuance Communications, Inc." "c:\program files (x86)\nuance\paperport\ereg\ereg.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropbox.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\25.0.1364.152\installer\chrmstp.exe"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "EPSON Stylus CX4200 Series" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\x64\3\e_iatiaea.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\deb\appdata\local\google\update\googleupdate.exe"
+ "ISUSPM" "Acresso Software Manager" "Acresso Corporation" "c:\programdata\flexnet\connect\11\isuspm.exe"
+ "OfficeSyncProcess" "Microsoft Office Document Cache" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\msosync.exe"
+ "PhotoShow Deluxe Media Manager" "" "" "c:\program files (x86)\ahead\ahead\data\xtras\mssysmgr.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu64.dll"
+ "Atheros" "Bluetooth Application Extension" "Atheros Commnucations" "c:\program files (x86)\atheros\bluetooth suite\btvappext.dll"
+ "EDSshellExt" "Shell Extention" "Egis Technology Inc." "c:\program files (x86)\egistec mywinlocker\x64\mwlshellext.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
+ "xoftspy" "" "ParetoLogic Inc." "c:\program files (x86)\xoftspyse6\paretoshellext64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "EDSshellExt" "Shell Extention" "Egis Technology Inc." "c:\program files (x86)\egistec mywinlocker\x86\mwlshellext.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 10\nero backitup\nbshell.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "FTShellContext" "ShellContextExt Module" "Atheros Commnucations" "c:\program files (x86)\atheros\bluetooth suite\shellcontextext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "ShredderContextMenu" "ShredderContextMenu" "Egis Technology Inc." "c:\program files (x86)\egistec shredder\x64\shreddercontextmenu.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "ShredderContextMenu" "ShredderContextMenu" "Egis Technology Inc." "c:\program files (x86)\egistec shredder\x86\shreddercontextmenu.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EDSshellExt" "Shell Extention" "Egis Technology Inc." "c:\program files (x86)\egistec mywinlocker\x64\mwlshellext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EDSshellExt" "Shell Extention" "Egis Technology Inc." "c:\program files (x86)\egistec mywinlocker\x86\mwlshellext.dll"
+ "NeroShellExt Class" "Nero Burning ROM Shell Extension" "Nero AG" "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Ath_CopyHook" "AthCopyHook Dynamic Link Library" "Atheros Commnucations" "c:\program files (x86)\atheros\bluetooth suite\athcopyhook.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "xoftspy" "" "ParetoLogic Inc." "c:\program files (x86)\xoftspyse6\paretoshellext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "NBShellHook Class" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 10\nero backitup\nbshell.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "NBShellHook" "Nero BackItUp" "Nero AG" "c:\program files (x86)\nero\nero 10\nero backitup\nbshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "egisPSDP" "PSD DragDrop Protection" "Egis Technology Inc." "c:\program files (x86)\egistec mywinlocker\x64\psdprotect.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\deb\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "egisPSDP" "PSD DragDrop Protection" "Egis Technology Inc." "c:\program files (x86)\egistec mywinlocker\x86\psdprotect.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AddThis Toolbar BHO" "FreeCause Toolbar" "" "c:\program files (x86)\addthis toolbar\toolbar.dll"
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\7.1.361.0\bingext.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "PlusIEEventHelper Class" "PlusIEContextMenu.dll" "Zeon Corporation" "c:\program files (x86)\nuance\pdf viewer plus\bin\plusiecontextmenu.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "AddThis Toolbar" "FreeCause Toolbar" "" "c:\program files (x86)\addthis toolbar\toolbar.dll"
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\7.1.361.0\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3898579296-3472376942-2390934350-1000Core" "Google Installer" "Google Inc." "c:\users\deb\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3898579296-3472376942-2390934350-1000UA" "Google Installer" "Google Inc." "c:\users\deb\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\ParetoLogic Anti-Virus PLUS" "" "" "File not found: C:\Program Files (x86)\ParetoLogic\PLAV\Pareto_AV.exe"
+ "\ParetoLogic Anti-Virus PLUS_dbsummary" "" "" "File not found: C:\Program Files (x86)\ParetoLogic\PLAV\Pareto_AV.exe"
+ "\ParetoLogic Registration3" "Product Update Component" "" "c:\program files (x86)\common files\paretologic\uus3\uus3.dll"
+ "\ParetoLogic Update Version3" "Update Application" "" "c:\program files (x86)\common files\paretologic\uus3\pareto_update3.exe"
+ "\ParetoLogic Update Version3 Startup Task" "Update Application" "" "c:\program files (x86)\common files\paretologic\uus3\pareto_update3.exe"
+ "\PC Health Advisor" "" "" "File not found: C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe"
+ "\PC Health Advisor Defrag" "" "" "File not found: C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sidebar.exe"
+ "\XoftSpySE" "" "ParetoLogic Inc." "c:\program files (x86)\xoftspyse6\xoftspyselauncher.exe"
+ "\{A513A0A6-450E-4BC4-8714-A76A0989A77A}" "iTunes" "Apple Inc." "c:\program files (x86)\itunes\itunes.exe"
+ "\{C897E324-1787-445C-9511-E5604B611CAD}" "iTunes" "Apple Inc." "c:\program files (x86)\itunes\itunes.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Akamai" "Provides networking protocol and file transfer technologies. If the service is stopped, those applications that depend on the service may fail to transfer files or otherwise function properly." "Akamai Technologies, Inc." "c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Atheros Bt&Wlan Coex Agent" "Co-existence Coordinator Service between 11a/b/g/n Wireless LAN and Bluetooth." "Atheros" "c:\program files (x86)\atheros\ath_coexagent.exe"
+ "AtherosSvc" "Atheros BT Stack Service Agent" "Atheros Commnucations" "c:\program files (x86)\atheros\bluetooth suite\adminservice.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\7.1.361.0\bbsvc.exe"
+ "BBUpdate" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\7.1.361.0\seaport.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files (x86)\browny02\brynsvc.exe"
+ "DsiWMIService" "Dritek WMI Service" "Dritek System Inc." "c:\program files (x86)\launch manager\dsiwmis.exe"
+ "ePowerSvc" "Acer ePower Service" "Acer Incorporated" "c:\program files\acer\acer epower management\epowersvc.exe"
+ "EPSON_PM_RPCV4_01" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\programdata\epson\epw!3 ssrp\e_s40rpb.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\acer games\acer game console\gameconsoleservice.exe"
+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files (x86)\google\google desktop search\googledesktop.exe"
+ "GREGService" "Global Registration Service" "Acer Incorporated" "c:\program files (x86)\acer\registration\gregsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MWLService" "MyWinLocker Service" "Egis Technology Inc." "c:\program files (x86)\egistec mywinlocker\x86\mwlservice.exe"
+ "NAUpdate" "Provides access to Nero application updates and manages Nero applications." "Nero AG" "c:\program files (x86)\nero\update\nasvc.exe"
+ "NOBU" "Norton Online Backup Service" "Symantec Corporation" "c:\program files (x86)\symantec\norton online backup\nobuagent.exe"
+ "NTI IScheduleSvc" "NTI IShadow Manage backup/Sync jobs and  etc..." "NewTech Infosystems, Inc." "c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "PDFProFiltSrvPP" "PDFPro IFilter Service" "Nuance Communications, Inc." "c:\program files (x86)\nuance\paperport\pdfprofiltsrvpp.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "Updater Service" "Updater Service" "Acer Group" "c:\program files\acer\acer updater\updaterservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "XoftSpyService" "Provides scanning, cleaning, and quarantining of malware items." "ParetoLogic Inc." "c:\program files (x86)\common files\xoftspyse\6\xoftspyservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "BTATH_BUS" "Atheros BUS driver" "Atheros" "c:\windows\system32\drivers\btath_bus.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "ETD" "ETD Control Center" "ELAN Microelectronic Corp." "c:\windows\system32\drivers\etd.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "grmnusb" "grmnusb.sys" "GARMIN Corp." "c:\windows\system32\drivers\grmnusb.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "k57nd60a" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60a.sys"
+ "kl1" "Kaspersky Unified Driver" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\kl1.sys"
+ "KLIF" "Kaspersky Lab Interceptor and Filter" "Kaspersky Lab" "c:\windows\system32\drivers\klif.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "mwlPSDFilter" "mwlPSDFilter Filter Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdfilter.sys"
+ "mwlPSDNServ" "mwlPSDNServ Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdnserv.sys"
+ "mwlPSDVDisk" "mwlPSDVdisk Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdvdisk.sys"
+ "Netaapl" "Apple Mobile Device Ethernet" "Apple Inc." "c:\windows\system32\drivers\netaapl64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NTI Corporation" "c:\windows\system32\drivers\ntidrvr.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "UBHelper" "NTI CD-ROM Filter Driver" "NTI Corporation" "c:\windows\system32\drivers\ubhelper.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder (PDVD9)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD9)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD9)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter (PDVD9)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudiocd.ax"
+ "Cyberlink Demuxer 2.0" "CLDemuxer2" "Cyberlink" "c:\program files (x86)\cyberlink\powerdvd9\navfilter\cldemuxer2.ax"
+ "CyberLink Digest Filter (PDVD9)" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\cyberlink\powerdvd9\digestfilter.dll"
+ "CyberLink DVD Navigator (PDVD9)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clnavx.ax"
+ "CyberLink FLV Splitter (PDVD9)" "CyberLink FLV Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clflvsplitter.ax"
+ "CyberLink HD/BD Mixer (PDVD9)" "CLHBMixer" " " "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"
+ "CyberLink Line21 Decoder (PDVD9)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clline21.ax"
+ "CyberLink Matroska Splitter (PDVD9)" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clmkvsplter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD9)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clm4splt.ax"
+ "CyberLink RealAudio Decoder (PDVD9)" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clrmaud.ax"
+ "CyberLink RealMedia Splitter (PDVD9)" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clrmsplitter.ax"
+ "CyberLink RealVideo Decoder (PDVD9)" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clrmvd.ax"
+ "Cyberlink SubTitle Importor (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD9)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clauts.ax"
+ "CyberLink Tzan Filter (PDVD9)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\cltzan.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clvsd.ax"
+ "DV Scenes" "NeroVision Express" "Ahead Software AG" "c:\program files (x86)\ahead\nerovision\nvdv.dll"
+ "DV Source Filter" "NeroVision Express" "Ahead Software AG" "c:\program files (x86)\ahead\nerovision\nvdv.dll"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Encoder" " " "Ahead Software AG
Karlsbad
Germany
Phone: ++49-7248-911-800
Fax: ++49-7248-911-888
E-Mail: info@nero.com" "c:\program files (x86)\common files\ahead\dsfilter\neaudioenc.ax"
+ "Nero Audio Processor" "Audio Processor" "Ahead Software AG
 " "c:\program files (x86)\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Digital Audio Decoding Filter" "Ahead Software AG and its licensors" "c:\program files (x86)\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital Audio Encoder" "LC AAC and HE AAC encoder" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital File Writer" "Muxing filter for NeroDigital file format" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Muxer" "Muxing filter for NeroDigital file format" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\ndparser.ax"
+ "Nero Digital Video Encoder" "MP4 video encoder filter" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nendvid.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 video decoder w/ DxVA" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "Nero DVD Navigator Filter" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero Library" "Ahead Software AG
 " "c:\program files (x86)\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "NeroFormatConv" "" "c:\program files (x86)\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\necapture.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Audio Decoder" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\neqtadec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Video Decoder" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\neqtvdec.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 video decoder w/ DxVA" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Ahead Software AG" "c:\program files (x86)\common files\ahead\dsfilter\nerender.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "SlideShow" "" "" "c:\program files (x86)\nti\nti media maker 9\media maker\slideshow.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~2\Google\GOBCA7~1\GO36F4~1.DLL" "Google Desktop" "Google" "c:\program files (x86)\google\google desktop search\googledesktopnetwork3.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port  Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
+ "Epson Inbox Language Monitor01" "Epson Printer Driver" "SEIKO EPSON CORPORATION" "c:\windows\system32\ep0slm01.dll"
+ "EPSON Stylus CX4200 Series 64MonitorBA" "EPSON Bi-directional Monitor" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_ilmaea.dll"



#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:49 PM

Posted 13 March 2013 - 10:51 AM

Other logs?

Press Windows+R key and type %temp% and click ok

Copy the SMTMP folder to desktop

Download UNHIDE from here

http://www.bleepingcomputer.com/download/unhide/dl/6/

Run it and this should restore the hidden files.



#11 happydeb

happydeb
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Female
  • Location:California
  • Local time:11:49 AM

Posted 13 March 2013 - 07:00 PM

I'm confused. You sound as though you did not see all seven of the log files that you requested me to post. They are all there, pasted one after another in my reply in the order requested. The files on my desktop were restored after I ran AVAST in safe mode. After that everything was okay, except the virus and some of its components were still lurking in my computer, but they should be all cleaned out by now since I ran all those scans and removed them. I'm sorry if I wasn't clear on that point. I did the Windows+R and %temp%. It did show me folders in my temp file but it did not include a folder called SMTMP. Everything is fixed now, right? I'm only wondering about how to make choices about what startup processes to terminate now.



#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:49 PM

Posted 13 March 2013 - 07:38 PM

You did not post the Malwarebytes log, adware cleaner, Junkware Removal Tool log, Farbar Service Scanner log.



#13 happydeb

happydeb
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:11:49 AM

Posted 13 March 2013 - 08:28 PM

I'm sorry, I believe too much time elapsed between pasting some of the logs and pasting the rest, although the refresh did not show on my screen. So only part of what I added was actually posted. Or I just got confused about what I had posted, I'm easily confused. This is what I thought I posted minus RKill and Autoruns which you have already seen.

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Deb :: DEB-PC [administrator]

Protection: Disabled

3/12/2013 11:39:20 PM
mbam-log-2013-03-12 (23-39-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225323
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar  Version:05-03-2013
Ran by Deb (administrator) on 12-03-2013 at 23:58:33
Running from "C:\Users\Deb\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Deb-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 02-F4-6A-84-10-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 18-F4-6A-84-10-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1450:72a3:4396:dc4%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 12, 2013 11:34:27 PM
   Lease Expires . . . . . . . . . . : Saturday, April 19, 2149 6:26:58 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 219739242
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-96-3A-14-1C-75-08-4A-0A-D3
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 1C-75-08-4A-0A-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1cec:1365:b738:6f7c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1cec:1365:b738:6f7c%18(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4007:800::1004
   74.125.239.1
   74.125.239.2
   74.125.239.3
   74.125.239.4
   74.125.239.5
   74.125.239.6
   74.125.239.7
   74.125.239.8
   74.125.239.9
   74.125.239.14
   74.125.239.0


Pinging google.com [74.125.239.1] with 32 bytes of data:
Reply from 74.125.239.1: bytes=32 time=40ms TTL=55
Reply from 74.125.239.1: bytes=32 time=42ms TTL=55

Ping statistics for 74.125.239.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 42ms, Average = 41ms
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=505ms TTL=52
Reply from 98.139.183.24: bytes=32 time=443ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 443ms, Maximum = 505ms, Average = 474ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...02 f4 6a 84 10 ef ......Microsoft Virtual WiFi Miniport Adapter
 11...18 f4 6a 84 10 ef ......Atheros AR5B97 Wireless Network Adapter
 10...1c 75 08 4a 0a d3 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.4    281
      192.168.2.4  255.255.255.255         On-link       192.168.2.4    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 18     58 2001::/32                On-link
 18    306 2001:0:9d38:6ab8:1cec:1365:b738:6f7c/128
                                    On-link
 11    281 fe80::/64                On-link
 18    306 fe80::/64                On-link
 11    281 fe80::1450:72a3:4396:dc4/128
                                    On-link
 18    306 fe80::1cec:1365:b738:6f7c/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/12/2013 11:08:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2013 02:11:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2013 01:59:14 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Error: (03/12/2013 01:09:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2013 09:27:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2013 09:26:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/11/2013 06:02:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (03/11/2013 04:06:03 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {59807748-98b8-40ed-b551-65a6a5b7237a}

Error: (03/09/2013 07:58:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12636

Error: (03/09/2013 07:58:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12636


System errors:
=============
Error: (03/12/2013 11:35:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/12/2013 11:35:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/12/2013 11:29:52 PM) (Source: Service Control Manager) (User: )
Description: The XoftSpyService service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/12/2013 11:07:35 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/12/2013 11:07:35 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/12/2013 07:45:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/12/2013 11:08:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\malware\esetsmartinstaller_enu.exe

Error: (03/12/2013 02:11:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\malware\esetsmartinstaller_enu.exe

Error: (03/12/2013 01:59:14 PM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x8007043c

Error: (03/12/2013 01:09:49 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\malware\esetsmartinstaller_enu.exe

Error: (03/11/2013 09:27:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Deb\Desktop\esetsmartinstaller_enu.exe

Error: (03/11/2013 09:26:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\malware\esetsmartinstaller_enu.exe

Error: (03/11/2013 06:02:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (03/11/2013 04:06:03 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {59807748-98b8-40ed-b551-65a6a5b7237a}

Error: (03/09/2013 07:58:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12636

Error: (03/09/2013 07:58:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12636


=========================== Installed Programs ============================

18 Wheels of Steel - American Long Haul (Version: 2.2.0.95)
7-zip v9.20 (Version: v9.20)
Acer Backup Manager (Version: 2.0.0.68)
Acer Crystal Eye Webcam (Version: 5.3.30.1)
Acer ePower Management (Version: 5.00.3005)
Acer eRecovery Management (Version: 4.05.3013)
Acer Game Console
Acer Games (Version: 1.0.1.3)
Acer Registration (Version: 1.03.3003)
Acer ScreenSaver (Version: 1.1.0707.2010)
Acer Updater (Version: 1.02.3001)
Acrobat.com (Version: 1.6.65)
AddThis Toolbar (Version: 1.658)
Adobe Acrobat  9 Standard (Version: 9.5.4)
Adobe Acrobat 9.5.4 - CPSID_83708
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
Akamai NetSession Interface
Akamai NetSession Interface Service
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros WLAN and Bluetooth Client Installation Program (Version: 9.0)
Backup Manager Basic (Version: 2.0.0.68)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.1.361.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bluetooth Win7 Suite (64) (Version: 7.02.000.6)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
Brother MFL-Pro Suite MFC-J6710DW (Version: 1.0.27.0)
Build-a-lot 2 (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CNDDB RareFind 3 Commercial (Version: 3.01.01)
CyberLink PowerDVD 9 (Version: 9.0.3216.50)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DNRGarmin (Version: 5.04.0001)
Dora's Carnival Adventure (Version: 2.2.0.95)
Dropbox (Version: 1.6.16)
eBay Worldwide (Version: 2.1.0901)
eMusic Download Manager (Version: 5.0.5)
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
eSobi v2 (Version: 2.0.4.000274)
ETDWare PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5)
FATE (Version: 2.2.0.95)
GEPath 1.4.4a
Google Chrome (Version: 25.0.1364.152)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 3.15.2.12038)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
High-Definition Video Playback (Version: 11.1.11500.4.273)
iCloud (Version: 2.1.1.3)
Identity Card (Version: 1.00.3003)
InstallIQ Updater (Version: 1.4.3.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Processor Graphics (Version: 8.15.10.2622)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.0 (Version: 2.1.0)
Jewel Quest - Heritage (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 4.0.14)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MusicOasis (Version: 1.0.3)
MyWinLocker (Version: 3.1.212.0)
MyWinLocker Suite (Version: 3.1.212.0)
Nero 10 Menu TemplatePack Basic (Version: 10.6.10000.0.0)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 10 (Version: 5.8.10600.6.100)
Nero BackItUp 10 Help (CHM) (Version: 10.6.10600)
Nero Burning ROM 10 (Version: 10.6.10700.5.100)
Nero BurningROM 10 Help (CHM) (Version: 10.6.10600)
Nero BurnRights 10 (Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (Version: 10.6.10600)
Nero Control Center 10 (Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (Version: 10.6.10700)
Nero Core Components 10 (Version: 2.0.19900.9.11)
Nero CoverDesigner 10 (Version: 5.6.10600.4.100)
Nero CoverDesigner 10 Help (CHM) (Version: 10.6.10600)
Nero DiscSpeed 10 (Version: 6.4.10500.1.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.6.10600)
Nero Express 10 (Version: 10.6.10800.6.100)
Nero Express 10 Help (CHM) (Version: 10.6.10600)
Nero InfoTool 10 (Version: 7.4.10300.1.100)
Nero InfoTool 10 Help (CHM) (Version: 10.6.10600)
Nero Kwik Media (Version: 1.6.16600.75.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10300)
Nero Multimedia Suite 10 (Version: 10.6.11300)
Nero PhotoShow Express (Version: 3.0)
Nero Recode 10 (Version: 4.10.10700.5.100)
Nero Recode 10 Help (CHM) (Version: 10.6.10600)
Nero RescueAgent 10 (Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (Version: 10.6.10700)
Nero SoundTrax 10 (Version: 4.10.10500.4.100)
Nero SoundTrax 10 Help (CHM) (Version: 10.6.10600)
Nero StartSmart 10 (Version: 10.6.10500.3.100)
Nero StartSmart 10 Help (CHM) (Version: 10.6.10600)
Nero Suite
Nero Update (Version: 11.0.11500.28.0)
Nero Vision 10 (Version: 7.4.11000.9.100)
Nero Vision 10 Help (CHM) (Version: 10.6.10600)
Nero WaveEditor 10 (Version: 5.10.10700.6.100)
Nero WaveEditor 10 Help (CHM) (Version: 10.6.10600)
NOOK for PC (Version: 2.5.1.237)
Norton Online Backup (Version: 2.1.17869)
NTI Media Maker 9 (Version: 9.0.2.8939)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
Paint.NET v3.5.8 (Version: 3.58.0)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
Penguins! (Version: 2.2.0.95)
Picasa 3 (Version: 3.8)
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Quicken 2009 (Version: 18.1.1.29)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30122)
Scansoft PDF Professional
Shredder (Version: 2.0.8.3)
Times Reader (Version: 2.055)
TweakGDS version 1.1.3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VLC media player 2.0.1 (Version: 2.0.1)
Welcome Center (Version: 1.02.3005)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
XoftSpySE (Version: 7.0.1.0)
Zuma's Revenge (Version: 2.2.0.95)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3766.71 MB
Available physical RAM: 2226.54 MB
Total Pagefile: 7531.61 MB
Available Pagefile: 5873.69 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.3 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:155.05 GB) NTFS
3 Drive e: () (Removable) (Total:14.83 GB) (Free:14.3 GB) FAT32
4 Drive f: () (Removable) (Total:1.94 GB) (Free:0.51 GB) FAT

========================= Users: ========================================

User accounts for \\DEB-PC

Administrator            Deb                      Guest                   


**** End of log ****

Farbar Service Scanner Version: 03-03-2013
Ran by Deb (administrator) on 13-03-2013 at 00:02:50
Running from "C:\Users\Deb\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 00:05:07
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Deb - DEB-PC
# Boot Mode : Normal
# Running from : C:\Users\Deb\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Deb\AppData\Local\Conduit
Folder Found : C:\Users\Deb\AppData\LocalLow\Conduit
Folder Found : C:\Users\Deb\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKLM\SOFTWARE\Classes\FCTB000061107.FCTB000061107Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000061107.FCTB000061107Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000061107.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000061107.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000061107.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000061107.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\FCTB000061107
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-3898579296-3472376942-2390934350-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2647 octets] - [13/03/2013 00:05:07]

########## EOF - C:\AdwCleaner[R1].txt - [2707 octets] ##########

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 00:05:48
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Deb - DEB-PC
# Boot Mode : Normal
# Running from : C:\Users\Deb\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Deb\AppData\Local\Conduit
Folder Deleted : C:\Users\Deb\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Deb\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.FCTB000061107Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.FCTB000061107Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000061107
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2774 octets] - [13/03/2013 00:05:07]
AdwCleaner[S1].txt - [2614 octets] - [13/03/2013 00:05:48]

########## EOF - C:\AdwCleaner[S1].txt - [2674 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Deb on Wed 03/13/2013 at  0:21:30.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\Users\Deb\AppData\LocalLow\FCTB000061107
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/13/2013 at  0:38:30.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#14 narenxp


Posted 13 March 2013 - 08:36 PM

Launch Adware cleaner and click on DELETE

 

Post the new log

 

Current issues?



#15 happydeb


Posted 13 March 2013 - 09:18 PM

Back again. Okay, here is the new Adware Cleaner log. The only current issues are deleting some popup reminders to schedule or renew my old ParetoLogic programs, which I have uninstalled. I read about how to do that in Autoruns. There are some programs I have questions about as far as cleaning things up a bit too, but that is another forum, I believe. I can't thank you enough!

Deb

:bowdown:

 

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 18:59:15
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Deb - DEB-PC
# Boot Mode : Normal
# Running from : C:\Users\Deb\Desktop\Keep it Clean\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2774 octets] - [13/03/2013 00:05:07]
AdwCleaner[S1].txt - [2741 octets] - [13/03/2013 00:05:48]
AdwCleaner[S2].txt - [783 octets] - [13/03/2013 18:59:15]

########## EOF - C:\AdwCleaner[S2].txt - [842 octets] ##########





