Possible Trojan:DOS/Alureon.A

Discussion in 'Virus & Other Malware Removal' started by batsinthedark, Feb 19, 2013.

  1. batsinthedark

    batsinthedark Thread Starter

    Joined:
    Jun 4, 2012
    Messages:
    16
    Hi. A while back I started having problems with my PC. It starts acting weird whenever it is connected to the internet. For a few minutes, it works fine. After that, I can't start any Windows programs, like Solitaire or Media Player or Task Manager. Also, after I open a certain number of web pages, the internet becomes very slow and non-responsive. It also has problems shutting down correctly. If I never let my computer connect to the internet, it works fine. Sometimes, my computer works just fine with the internet. I have no way of knowing until it messes up. Recently, I was putting in Windows updates and some failed because of an FFFFFFFE error, indicating that there was malware in my PC. The Windows Malware Removal tool ran with the updates and said I had a Trojan:DOS/Alureon.A and that it had partially removed it. It also told me to run a full scan with an antivirus software to completely get rid of it. I ran a full scan with McAfee and it found nothing, but the problems continue. Please help me.
    I should mention that when HijackThis was scanning for the log it said it was "denied write access to the Hosts file".

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:06:25 PM, on 2/19/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17197)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\miranda\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27361209f745l03g4z195t48j2x22p
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27361209f745l03g4z195t48j2x22p
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27361209f745l03g4z195t48j2x22p
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - {5a64f979-2f93-4707-884b-1003bdf91fe4} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101130161414.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKCU\..\Run: [75535025] C:\ProgramData\75535025\75535025.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
    O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/cinematycoon.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/BINGAME/POPCAPLOADER_V10.CAB
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15047 bytes
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Please download the latest version of TDSSKiller from here:
    http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Put a checkmark beside loaded modules.
    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.
    • Click the Start Scan button.
    • The scan will be quick.
    • If a suspicious object is detected, the default action will be Skip; click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
    • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin....
     
  3. batsinthedark

    It created three logs, but this is the most recent.

    16:08:22.0171 2344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    16:08:24.0199 2344 ============================================================
    16:08:24.0199 2344 Current date / time: 2013/02/19 16:08:24.0199
    16:08:24.0199 2344 SystemInfo:
    16:08:24.0199 2344
    16:08:24.0199 2344 OS Version: 6.1.7600 ServicePack: 0.0
    16:08:24.0199 2344 Product type: Workstation
    16:08:24.0199 2344 ComputerName: MIRANDA-PC
    16:08:24.0199 2344 UserName: miranda
    16:08:24.0199 2344 Windows directory: C:\Windows
    16:08:24.0199 2344 System windows directory: C:\Windows
    16:08:24.0199 2344 Running under WOW64
    16:08:24.0199 2344 Processor architecture: Intel x64
    16:08:24.0199 2344 Number of processors: 1
    16:08:24.0199 2344 Page size: 0x1000
    16:08:24.0199 2344 Boot type: Normal boot
    16:08:24.0199 2344 ============================================================
    16:08:27.0631 2344 BG loaded
    16:08:28.0520 2344 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:08:28.0536 2344 ============================================================
    16:08:28.0536 2344 \Device\Harddisk0\DR0:
    16:08:28.0536 2344 MBR partitions:
    16:08:28.0536 2344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
    16:08:28.0536 2344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
    16:08:28.0536 2344 ============================================================
    16:08:28.0567 2344 C: <-> \Device\Harddisk0\DR0\Partition2
    16:08:28.0567 2344 ============================================================
    16:08:28.0567 2344 Initialize success
    16:08:28.0567 2344 ============================================================
    16:09:25.0201 3068 Deinitialize success
     
  4. kevinf80

    That one is not correct; it does not show a full log.
     
  5. batsinthedark

    Is it this one? It's the longest one.

    15:57:03.0818 3204 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    15:57:04.0832 3204 ============================================================
    15:57:04.0832 3204 Current date / time: 2013/02/19 15:57:04.0832
    15:57:04.0832 3204 SystemInfo:
    15:57:04.0832 3204
    15:57:04.0832 3204 OS Version: 6.1.7600 ServicePack: 0.0
    15:57:04.0832 3204 Product type: Workstation
    15:57:04.0832 3204 ComputerName: MIRANDA-PC
    15:57:04.0832 3204 UserName: miranda
    15:57:04.0832 3204 Windows directory: C:\Windows
    15:57:04.0832 3204 System windows directory: C:\Windows
    15:57:04.0832 3204 Running under WOW64
    15:57:04.0832 3204 Processor architecture: Intel x64
    15:57:04.0832 3204 Number of processors: 1
    15:57:04.0832 3204 Page size: 0x1000
    15:57:04.0832 3204 Boot type: Normal boot
    15:57:04.0832 3204 ============================================================
    15:57:06.0408 3204 BG loaded
    15:57:07.0843 3204 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:57:07.0843 3204 ============================================================
    15:57:07.0843 3204 \Device\Harddisk0\DR0:
    15:57:07.0843 3204 MBR partitions:
    15:57:07.0843 3204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
    15:57:07.0843 3204 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
    15:57:07.0843 3204 ============================================================
    15:57:07.0874 3204 C: <-> \Device\Harddisk0\DR0\Partition2
    15:57:07.0874 3204 ============================================================
    15:57:07.0874 3204 Initialize success
    15:57:07.0874 3204 ============================================================
    16:00:31.0285 3240 ============================================================
    16:00:31.0285 3240 Scan started
    16:00:31.0285 3240 Mode: Manual; SigCheck; TDLFS;
    16:00:31.0285 3240 ============================================================
    16:00:36.0059 3240 ================ Scan system memory ========================
    16:00:36.0059 3240 System memory - ok
    16:00:36.0137 3240 ================ Scan services =============================
    16:00:36.0433 3240 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    16:00:38.0493 3240 1394ohci - ok
    16:00:38.0617 3240 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    16:00:38.0649 3240 ACPI - ok
    16:00:38.0680 3240 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    16:00:38.0836 3240 AcpiPmi - ok
    16:00:39.0148 3240 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    16:00:39.0241 3240 AdobeARMservice - ok
    16:00:39.0351 3240 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    16:00:39.0413 3240 adp94xx - ok
    16:00:39.0475 3240 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    16:00:39.0522 3240 adpahci - ok
    16:00:39.0663 3240 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    16:00:39.0756 3240 adpu320 - ok
    16:00:39.0850 3240 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    16:00:40.0271 3240 AeLookupSvc - ok
    16:00:40.0365 3240 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
    16:00:40.0692 3240 AFD - ok
    16:00:40.0739 3240 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    16:00:40.0770 3240 agp440 - ok
    16:00:40.0848 3240 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    16:00:41.0363 3240 ALG - ok
    16:00:41.0394 3240 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    16:00:41.0425 3240 aliide - ok
    16:00:41.0488 3240 [ F238BE4FA4E55EB67F17281FADF69851 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    16:00:41.0956 3240 AMD External Events Utility - ok
    16:00:41.0987 3240 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    16:00:42.0018 3240 amdide - ok
    16:00:42.0205 3240 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    16:00:42.0393 3240 AmdK8 - ok
    16:00:42.0424 3240 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    16:00:42.0580 3240 AmdPPM - ok
    16:00:42.0673 3240 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    16:00:42.0829 3240 amdsata - ok
    16:00:42.0954 3240 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    16:00:43.0001 3240 amdsbs - ok
    16:00:43.0063 3240 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
    16:00:43.0204 3240 amdxata - ok
    16:00:43.0266 3240 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    16:00:43.0516 3240 AppID - ok
    16:00:43.0563 3240 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    16:00:43.0765 3240 AppIDSvc - ok
    16:00:43.0859 3240 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    16:00:44.0077 3240 Appinfo - ok
    16:00:44.0155 3240 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    16:00:44.0187 3240 arc - ok
    16:00:44.0218 3240 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    16:00:44.0265 3240 arcsas - ok
    16:00:44.0530 3240 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    16:00:44.0701 3240 aspnet_state - ok
    16:00:44.0779 3240 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    16:00:44.0904 3240 AsyncMac - ok
    16:00:44.0951 3240 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    16:00:44.0982 3240 atapi - ok
    16:00:45.0201 3240 [ B2C3A8618867404475228F7DD260698B ] athr C:\Windows\system32\DRIVERS\athrx.sys
    16:00:45.0403 3240 athr - ok
    16:00:45.0871 3240 [ 2DB9047AAC9D981F59CE06D04D70C4D8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    16:00:46.0605 3240 atikmdag - ok
    16:00:46.0745 3240 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    16:00:46.0901 3240 AtiPcie - ok
    16:00:47.0182 3240 [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
    16:00:47.0463 3240 atksgt - ok
    16:00:47.0665 3240 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    16:00:47.0837 3240 AudioEndpointBuilder - ok
    16:00:47.0993 3240 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    16:00:48.0102 3240 AudioSrv - ok
    16:00:48.0165 3240 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    16:00:48.0336 3240 AxInstSV - ok
    16:00:48.0414 3240 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    16:00:48.0570 3240 b06bdrv - ok
    16:00:48.0633 3240 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:00:48.0757 3240 b57nd60a - ok
    16:00:49.0007 3240 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    16:00:49.0366 3240 BCM43XX - ok
    16:00:49.0413 3240 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    16:00:49.0553 3240 BDESVC - ok
    16:00:49.0615 3240 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    16:00:49.0740 3240 Beep - ok
    16:00:49.0849 3240 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    16:00:49.0974 3240 BFE - ok
    16:00:50.0099 3240 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
    16:00:50.0224 3240 BITS - ok
    16:00:50.0302 3240 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    16:00:50.0364 3240 blbdrive - ok
    16:00:50.0411 3240 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    16:00:50.0645 3240 bowser - ok
    16:00:50.0692 3240 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    16:00:50.0770 3240 BrFiltLo - ok
    16:00:50.0785 3240 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    16:00:50.0832 3240 BrFiltUp - ok
    16:00:50.0910 3240 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
    16:00:51.0097 3240 Browser - ok
    16:00:51.0144 3240 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    16:00:51.0253 3240 Brserid - ok
    16:00:51.0285 3240 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    16:00:51.0347 3240 BrSerWdm - ok
    16:00:51.0363 3240 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:00:51.0409 3240 BrUsbMdm - ok
    16:00:51.0487 3240 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    16:00:51.0534 3240 BrUsbSer - ok
    16:00:51.0690 3240 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
    16:00:51.0706 3240 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
    16:00:51.0706 3240 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
    16:00:51.0737 3240 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    16:00:51.0799 3240 BTHMODEM - ok
    16:00:51.0924 3240 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    16:00:52.0033 3240 bthserv - ok
    16:00:52.0065 3240 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    16:00:52.0189 3240 cdfs - ok
    16:00:52.0252 3240 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    16:00:52.0314 3240 cdrom - ok
    16:00:52.0361 3240 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    16:00:52.0501 3240 CertPropSvc - ok
    16:00:52.0548 3240 [ E02C9CDB15F13DE4EB2FF67660E62317 ] cfwids C:\Windows\system32\drivers\cfwids.sys
    16:00:52.0564 3240 cfwids - ok
    16:00:52.0626 3240 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    16:00:52.0735 3240 circlass - ok
    16:00:52.0829 3240 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    16:00:52.0891 3240 CLFS - ok
    16:00:53.0001 3240 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:00:53.0032 3240 clr_optimization_v2.0.50727_32 - ok
    16:00:53.0905 3240 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:00:54.0171 3240 clr_optimization_v2.0.50727_64 - ok
    16:00:54.0358 3240 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:00:55.0247 3240 clr_optimization_v4.0.30319_32 - ok
    16:00:55.0325 3240 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:00:55.0559 3240 clr_optimization_v4.0.30319_64 - ok
    16:00:55.0637 3240 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    16:00:55.0762 3240 CmBatt - ok
    16:00:55.0793 3240 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    16:00:55.0824 3240 cmdide - ok
    16:00:55.0933 3240 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
    16:00:56.0355 3240 CNG - ok
    16:00:56.0433 3240 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    16:00:56.0464 3240 Compbatt - ok
    16:00:56.0511 3240 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    16:00:56.0573 3240 CompositeBus - ok
    16:00:56.0604 3240 COMSysApp - ok
    16:00:56.0635 3240 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    16:00:56.0667 3240 crcdisk - ok
    16:00:56.0791 3240 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
    16:00:57.0025 3240 CryptSvc - ok
    16:00:57.0135 3240 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    16:00:57.0244 3240 DcomLaunch - ok
    16:00:57.0337 3240 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    16:00:57.0493 3240 defragsvc - ok
    16:00:57.0587 3240 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    16:00:57.0805 3240 DfsC - ok
    16:00:57.0993 3240 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    16:00:58.0149 3240 Dhcp - ok
    16:00:58.0195 3240 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    16:00:58.0336 3240 discache - ok
    16:00:58.0367 3240 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    16:00:58.0414 3240 Disk - ok
    16:00:58.0663 3240 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys
    16:00:58.0819 3240 DKbFltr - ok
    16:00:58.0944 3240 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    16:00:59.0116 3240 Dnscache - ok
    16:00:59.0178 3240 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    16:00:59.0287 3240 dot3svc - ok
    16:00:59.0334 3240 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    16:00:59.0443 3240 DPS - ok
    16:00:59.0568 3240 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    16:00:59.0646 3240 drmkaud - ok
    16:00:59.0849 3240 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    16:01:00.0255 3240 DXGKrnl - ok
    16:01:00.0301 3240 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    16:01:00.0504 3240 EapHost - ok
    16:01:01.0269 3240 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    16:01:01.0877 3240 ebdrv - ok
    16:01:01.0924 3240 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
    16:01:02.0158 3240 EFS - ok
    16:01:02.0345 3240 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    16:01:02.0548 3240 ehRecvr - ok
    16:01:02.0579 3240 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    16:01:02.0657 3240 ehSched - ok
    16:01:02.0735 3240 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    16:01:02.0782 3240 elxstor - ok
    16:01:02.0969 3240 [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    16:01:03.0109 3240 ePowerSvc - ok
    16:01:03.0156 3240 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    16:01:03.0219 3240 ErrDev - ok
    16:01:03.0328 3240 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    16:01:03.0453 3240 EventSystem - ok
    16:01:03.0499 3240 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    16:01:03.0609 3240 exfat - ok
    16:01:03.0671 3240 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    16:01:03.0796 3240 fastfat - ok
    16:01:03.0983 3240 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    16:01:04.0092 3240 Fax - ok
    16:01:04.0170 3240 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    16:01:04.0248 3240 fdc - ok
    16:01:04.0342 3240 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    16:01:04.0420 3240 fdPHost - ok
    16:01:04.0451 3240 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    16:01:04.0560 3240 FDResPub - ok
    16:01:04.0591 3240 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    16:01:04.0623 3240 FileInfo - ok
    16:01:04.0654 3240 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    16:01:04.0779 3240 Filetrace - ok
    16:01:04.0810 3240 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    16:01:04.0872 3240 flpydisk - ok
    16:01:04.0997 3240 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    16:01:05.0044 3240 FltMgr - ok
    16:01:05.0153 3240 [ 6CD6BB45BD3E0EEF6CE496BF52854FF1 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys
    16:01:05.0387 3240 FlyUsb - ok
    16:01:05.0481 3240 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
    16:01:05.0605 3240 FontCache - ok
    16:01:05.0699 3240 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:01:05.0730 3240 FontCache3.0.0.0 - ok
    16:01:05.0777 3240 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    16:01:05.0808 3240 FsDepends - ok
    16:01:05.0995 3240 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    16:01:06.0214 3240 fssfltr - ok
    16:01:06.0619 3240 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    16:01:07.0446 3240 fsssvc - ok
    16:01:07.0493 3240 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    16:01:07.0633 3240 Fs_Rec - ok
    16:01:07.0727 3240 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    16:01:07.0867 3240 fvevol - ok
    16:01:07.0945 3240 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:01:07.0992 3240 gagp30kx - ok
    16:01:08.0070 3240 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    16:01:08.0179 3240 gpsvc - ok
    16:01:08.0445 3240 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    16:01:10.0535 3240 Greg_Service - ok
    16:01:10.0582 3240 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    16:01:10.0675 3240 hcw85cir - ok
    16:01:10.0769 3240 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    16:01:10.0847 3240 HdAudAddService - ok
    16:01:10.0941 3240 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    16:01:11.0019 3240 HDAudBus - ok
    16:01:11.0065 3240 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    16:01:11.0190 3240 HidBatt - ok
    16:01:11.0237 3240 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    16:01:11.0299 3240 HidBth - ok
    16:01:11.0315 3240 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    16:01:11.0377 3240 HidIr - ok
    16:01:11.0440 3240 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    16:01:11.0565 3240 hidserv - ok
    16:01:11.0689 3240 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    16:01:11.0736 3240 HidUsb - ok
    16:01:11.0814 3240 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    16:01:12.0033 3240 hkmsvc - ok
    16:01:12.0157 3240 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    16:01:12.0267 3240 HomeGroupListener - ok
    16:01:12.0360 3240 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    16:01:12.0407 3240 HomeGroupProvider - ok
    16:01:12.0469 3240 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    16:01:12.0516 3240 HpSAMD - ok
    16:01:12.0579 3240 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    16:01:12.0719 3240 HTTP - ok
    16:01:12.0750 3240 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    16:01:12.0797 3240 hwpolicy - ok
    16:01:12.0875 3240 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    16:01:12.0922 3240 i8042prt - ok
    16:01:13.0078 3240 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    16:01:13.0312 3240 iaStorV - ok
    16:01:13.0593 3240 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    16:01:14.0607 3240 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    16:01:14.0607 3240 IDriverT - detected UnsignedFile.Multi.Generic (1)
    16:01:14.0763 3240 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:01:15.0090 3240 idsvc - ok
    16:01:15.0246 3240 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    16:01:15.0277 3240 iirsp - ok
    16:01:15.0340 3240 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    16:01:15.0480 3240 IKEEXT - ok
    16:01:15.0933 3240 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    16:01:16.0369 3240 IntcAzAudAddService - ok
    16:01:16.0432 3240 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    16:01:16.0463 3240 intelide - ok
    16:01:16.0822 3240 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    16:01:17.0259 3240 intelppm - ok
    16:01:17.0493 3240 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    16:01:17.0602 3240 IPBusEnum - ok
    16:01:17.0664 3240 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:01:17.0742 3240 IpFilterDriver - ok
    16:01:17.0789 3240 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    16:01:17.0898 3240 iphlpsvc - ok
    16:01:17.0945 3240 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    16:01:17.0992 3240 IPMIDRV - ok
    16:01:18.0054 3240 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    16:01:18.0148 3240 IPNAT - ok
    16:01:18.0273 3240 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    16:01:18.0319 3240 IRENUM - ok
    16:01:18.0413 3240 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    16:01:18.0444 3240 isapnp - ok
    16:01:18.0522 3240 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    16:01:18.0569 3240 iScsiPrt - ok
    16:01:18.0756 3240 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    16:01:18.0787 3240 kbdclass - ok
    16:01:18.0959 3240 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    16:01:19.0053 3240 kbdhid - ok
    16:01:19.0131 3240 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    16:01:19.0162 3240 KeyIso - ok
    16:01:19.0255 3240 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    16:01:19.0411 3240 KSecDD - ok
    16:01:19.0458 3240 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    16:01:19.0599 3240 KSecPkg - ok
    16:01:19.0677 3240 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    16:01:19.0817 3240 ksthunk - ok
    16:01:19.0895 3240 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    16:01:20.0004 3240 KtmRm - ok
    16:01:20.0067 3240 [ 2377EC4CC3E356655B996F39B43486B6 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
    16:01:20.0332 3240 L1C - ok
    16:01:20.0550 3240 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
    16:01:20.0737 3240 LanmanServer - ok
    16:01:20.0925 3240 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:01:21.0221 3240 LanmanWorkstation - ok
    16:01:21.0377 3240 [ 955982BF4421B77722196552B62E8DC2 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
    16:01:22.0032 3240 lirsgt - ok
    16:01:22.0126 3240 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    16:01:22.0282 3240 lltdio - ok
    16:01:22.0407 3240 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    16:01:22.0547 3240 lltdsvc - ok
    16:01:22.0594 3240 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    16:01:22.0687 3240 lmhosts - ok
    16:01:22.0750 3240 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:01:22.0781 3240 LSI_FC - ok
    16:01:22.0906 3240 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:01:22.0937 3240 LSI_SAS - ok
    16:01:23.0031 3240 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:01:23.0062 3240 LSI_SAS2 - ok
    16:01:23.0140 3240 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:01:23.0171 3240 LSI_SCSI - ok
    16:01:23.0218 3240 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    16:01:23.0374 3240 luafv - ok
    16:01:23.0530 3240 [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    16:01:24.0279 3240 McAfee SiteAdvisor Service - ok
    16:01:24.0918 3240 [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
    16:01:25.0542 3240 McComponentHostService - ok
    16:01:25.0917 3240 [ 458A013DF72EAAB91877FA03533E2C8B ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:01:25.0963 3240 McMPFSvc - ok
    16:01:26.0119 3240 [ 458A013DF72EAAB91877FA03533E2C8B ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:01:26.0166 3240 mcmscsvc - ok
    16:01:26.0229 3240 [ 458A013DF72EAAB91877FA03533E2C8B ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:01:26.0260 3240 McNaiAnn - ok
    16:01:26.0338 3240 [ 458A013DF72EAAB91877FA03533E2C8B ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:01:26.0385 3240 McNASvc - ok
    16:01:26.0650 3240 [ 3809B77EB1734CD5FB317425F188ABC1 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
    16:01:26.0697 3240 McODS - ok
    16:01:26.0790 3240 [ 458A013DF72EAAB91877FA03533E2C8B ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:01:26.0837 3240 McProxy - ok
    16:01:27.0180 3240 [ 461EABB62F1827B965F508092160EDDC ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    16:01:27.0726 3240 McShield - ok
    16:01:27.0773 3240 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    16:01:27.0835 3240 Mcx2Svc - ok
    16:01:27.0898 3240 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    16:01:27.0929 3240 megasas - ok
    16:01:27.0976 3240 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    16:01:28.0023 3240 MegaSR - ok
    16:01:28.0272 3240 [ C1556CA9695FCD6BBD23D75D402FD43D ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
    16:01:28.0303 3240 mfeapfk - ok
    16:01:28.0350 3240 [ 8857EE8B49F3338FC1FAD476BFCCA146 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
    16:01:28.0522 3240 mfeavfk - ok
    16:01:28.0678 3240 mfeavfk01 - ok
    16:01:28.0756 3240 [ DD92E94E265864306377F091B100D0D0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    16:01:28.0927 3240 mfefire - ok
    16:01:29.0083 3240 [ 19C44295F6BF085C83352D48397F7870 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
    16:01:29.0271 3240 mfefirek - ok
    16:01:29.0395 3240 [ 5F915E20AB56121C41C6BF9A91A83BDA ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
    16:01:29.0614 3240 mfehidk - ok
    16:01:29.0723 3240 [ 23AE332E32FF615CA5E5224C8D91AF11 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
    16:01:29.0910 3240 mfenlfk - ok
    16:01:29.0988 3240 [ 9C7A9273E345F8D653394B5C542BF86A ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
    16:01:30.0191 3240 mferkdet - ok
    16:01:30.0253 3240 [ AECD0C9ABDFDC61BE31163B624C4170F ] mfevtp C:\Windows\system32\mfevtps.exe
    16:01:30.0487 3240 mfevtp - ok
    16:01:30.0597 3240 [ 3140B2C56D7119BA314F68FC785683F0 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
    16:01:30.0815 3240 mfewfpk - ok
    16:01:30.0955 3240 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    16:01:31.0065 3240 MMCSS - ok
    16:01:31.0143 3240 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    16:01:31.0236 3240 Modem - ok
    16:01:31.0299 3240 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:01:31.0361 3240 monitor - ok
    16:01:31.0423 3240 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:01:31.0455 3240 mouclass - ok
    16:01:31.0501 3240 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    16:01:31.0564 3240 mouhid - ok
    16:01:31.0595 3240 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    16:01:31.0642 3240 mountmgr - ok
    16:01:31.0813 3240 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    16:01:32.0001 3240 MozillaMaintenance - ok
    16:01:32.0063 3240 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    16:01:32.0110 3240 mpio - ok
    16:01:32.0203 3240 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:01:32.0297 3240 mpsdrv - ok
    16:01:32.0453 3240 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    16:01:32.0593 3240 MpsSvc - ok
    16:01:32.0656 3240 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:01:32.0827 3240 MRxDAV - ok
    16:01:32.0937 3240 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:01:33.0514 3240 mrxsmb - ok
    16:01:33.0701 3240 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:01:33.0904 3240 mrxsmb10 - ok
    16:01:33.0966 3240 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:01:34.0138 3240 mrxsmb20 - ok
    16:01:34.0169 3240 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    16:01:34.0200 3240 msahci - ok
    16:01:34.0247 3240 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    16:01:34.0294 3240 msdsm - ok
    16:01:34.0325 3240 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    16:01:34.0434 3240 MSDTC - ok
    16:01:34.0497 3240 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:01:34.0590 3240 Msfs - ok
    16:01:34.0668 3240 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    16:01:34.0777 3240 mshidkmdf - ok
    16:01:34.0809 3240 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    16:01:34.0840 3240 msisadrv - ok
    16:01:34.0980 3240 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    16:01:35.0105 3240 MSiSCSI - ok
    16:01:35.0121 3240 msiserver - ok
    16:01:35.0167 3240 [ 458A013DF72EAAB91877FA03533E2C8B ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:01:40.0081 3240 MSK80Service - ok
    16:01:40.0237 3240 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    16:01:40.0409 3240 MSKSSRV - ok
    16:01:40.0440 3240 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    16:01:40.0565 3240 MSPCLOCK - ok
    16:01:40.0581 3240 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    16:01:40.0690 3240 MSPQM - ok
    16:01:40.0737 3240 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    16:01:40.0783 3240 MsRPC - ok
    16:01:40.0893 3240 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    16:01:40.0908 3240 mssmbios - ok
    16:01:41.0220 3240 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    16:01:41.0329 3240 MSTEE - ok
    16:01:41.0517 3240 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    16:01:41.0610 3240 MTConfig - ok
    16:01:41.0657 3240 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    16:01:41.0688 3240 Mup - ok
    16:01:41.0751 3240 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
    16:01:41.0891 3240 mwlPSDFilter - ok
    16:01:41.0953 3240 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
    16:01:42.0078 3240 mwlPSDNServ - ok
    16:01:42.0156 3240 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
    16:01:42.0359 3240 mwlPSDVDisk - ok
    16:01:42.0546 3240 [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    16:01:42.0780 3240 MWLService - ok
    16:01:43.0108 3240 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    16:01:43.0295 3240 napagent - ok
    16:01:43.0560 3240 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    16:01:43.0685 3240 NativeWifiP - ok
    16:01:43.0825 3240 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    16:01:43.0872 3240 NDIS - ok
    16:01:43.0966 3240 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    16:01:44.0106 3240 NdisCap - ok
    16:01:44.0215 3240 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    16:01:44.0293 3240 NdisTapi - ok
    16:01:44.0371 3240 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    16:01:44.0496 3240 Ndisuio - ok
    16:01:44.0590 3240 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    16:01:44.0668 3240 NdisWan - ok
    16:01:44.0699 3240 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    16:01:44.0793 3240 NDProxy - ok
    16:01:44.0871 3240 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    16:01:45.0027 3240 NetBIOS - ok
    16:01:45.0245 3240 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    16:01:45.0479 3240 NetBT - ok
    16:01:45.0495 3240 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
    16:01:45.0541 3240 Netlogon - ok
    16:01:45.0666 3240 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    16:01:45.0807 3240 Netman - ok
    16:01:46.0087 3240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:01:46.0696 3240 NetMsmqActivator - ok
    16:01:46.0836 3240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:01:46.0867 3240 NetPipeActivator - ok
    16:01:47.0008 3240 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    16:01:47.0101 3240 netprofm - ok
    16:01:47.0226 3240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:01:47.0242 3240 NetTcpActivator - ok
    16:01:47.0273 3240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:01:47.0289 3240 NetTcpPortSharing - ok
    16:01:47.0413 3240 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    16:01:47.0445 3240 nfrd960 - ok
    16:01:47.0523 3240 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    16:01:47.0616 3240 NlaSvc - ok
    16:01:47.0710 3240 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    16:01:47.0866 3240 Npfs - ok
    16:01:47.0928 3240 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    16:01:48.0100 3240 nsi - ok
    16:01:48.0131 3240 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    16:01:48.0225 3240 nsiproxy - ok
    16:01:49.0738 3240 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    16:01:50.0221 3240 Ntfs - ok
    16:01:50.0736 3240 [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    16:01:51.0017 3240 NTIBackupSvc - ok
    16:01:51.0126 3240 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
    16:01:54.0505 3240 NTIDrvr - ok
    16:01:54.0586 3240 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    16:01:54.0991 3240 NTISchedulerSvc - ok
    16:01:55.0447 3240 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    16:01:55.0619 3240 Null - ok
    16:01:56.0180 3240 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    16:01:56.0648 3240 nvraid - ok
    16:01:56.0913 3240 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    16:01:57.0101 3240 nvstor - ok
    16:01:57.0319 3240 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    16:01:57.0350 3240 nv_agp - ok
    16:01:57.0506 3240 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    16:01:57.0756 3240 odserv - ok
    16:01:57.0834 3240 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    16:01:57.0896 3240 ohci1394 - ok
    16:01:58.0005 3240 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:01:58.0208 3240 ose - ok
    16:01:58.0255 3240 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    16:01:58.0380 3240 p2pimsvc - ok
    16:01:58.0411 3240 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    16:01:58.0473 3240 p2psvc - ok
    16:01:58.0520 3240 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    16:01:58.0583 3240 Parport - ok
    16:01:58.0661 3240 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    16:01:58.0754 3240 partmgr - ok
    16:01:58.0801 3240 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    16:01:58.0926 3240 PcaSvc - ok
    16:01:59.0004 3240 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
    16:01:59.0035 3240 pci - ok
    16:01:59.0066 3240 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    16:01:59.0097 3240 pciide - ok
    16:01:59.0144 3240 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    16:01:59.0207 3240 pcmcia - ok
    16:01:59.0222 3240 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    16:01:59.0269 3240 pcw - ok
    16:01:59.0456 3240 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    16:01:59.0612 3240 PDFProFiltSrvPP - ok
    16:02:47.0426 3240 ================ Scan global ===============================
    16:02:47.0582 3240 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    16:02:47.0660 3240 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
    16:02:47.0676 3240 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
    16:02:47.0801 3240 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    16:02:47.0925 3240 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    16:02:47.0941 3240 [Global] - ok
    16:02:47.0941 3240 ================ Scan MBR ==================================
    16:02:47.0941 3240 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    16:02:47.0957 3240 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    16:02:48.0097 3240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    16:02:48.0097 3240 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    16:02:48.0206 3240 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    16:02:48.0206 3240 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    16:02:48.0222 3240 ================ Scan VBR ==================================
    16:02:48.0222 3240 [ 42E6284647EDFBB932566B6C5739EB20 ] \Device\Harddisk0\DR0\Partition1
    16:02:48.0222 3240 \Device\Harddisk0\DR0\Partition1 - ok
    16:02:48.0269 3240 [ 8B4F59DCB47223DCD49A3941CF1390DC ] \Device\Harddisk0\DR0\Partition2
    16:02:48.0269 3240 \Device\Harddisk0\DR0\Partition2 - ok
    16:02:48.0269 3240 ================ Scan active images ========================
    16:02:48.0971 3240 C:\Windows\System32\kernel32.dll - ok
    16:02:48.0986 3240 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
    16:02:48.0986 3240 C:\Windows\System32\drivers\mouclass.sys - ok
    16:02:48.0986 3240 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
    16:02:48.0986 3240 C:\Windows\System32\drivers\wmiacpi.sys - ok
    16:02:49.0002 3240 [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
    16:02:49.0002 3240 C:\Windows\System32\drivers\CmBatt.sys - ok
    16:02:49.0017 3240 [ F26B3A86F6FA87CA360B879581AB4123 ] C:\Windows\System32\drivers\CompositeBus.sys
    16:02:49.0017 3240 C:\Windows\System32\drivers\CompositeBus.sys - ok
    16:02:49.0033 3240 [ DECACB6921DED1A38642642685D77DAC ] C:\Windows\System32\drivers\serscan.sys
    16:02:49.0033 3240 C:\Windows\System32\drivers\serscan.sys - ok
    16:02:49.0049 3240 [ 5C7AF4A20F5BF67042B2E613D123D111 ] C:\Windows\System32\drivers\ks.sys
    16:02:49.0049 3240 C:\Windows\System32\drivers\ks.sys - ok
    16:02:49.0049 3240 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
    16:02:49.0049 3240 C:\Windows\System32\drivers\ksthunk.sys - ok
    16:02:49.0064 3240 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
    16:02:49.0064 3240 C:\Windows\System32\drivers\agilevpn.sys - ok
    16:02:49.0080 3240 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
    16:02:49.0080 3240 C:\Windows\System32\drivers\ndistapi.sys - ok
    16:02:49.0080 3240 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] C:\Windows\System32\drivers\ndiswan.sys
    16:02:49.0080 3240 C:\Windows\System32\drivers\ndiswan.sys - ok
    16:02:49.0095 3240 [ 87A6E852A22991580D6D39ADC4790463 ] C:\Windows\System32\drivers\rasl2tp.sys
    16:02:49.0095 3240 C:\Windows\System32\drivers\rasl2tp.sys - ok
    16:02:49.0111 3240 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
    16:02:49.0111 3240 C:\Windows\System32\drivers\raspppoe.sys - ok
    16:02:49.0127 3240 [ 27CC19E81BA5E3403C48302127BDA717 ] C:\Windows\System32\drivers\raspptp.sys
    16:02:49.0127 3240 C:\Windows\System32\drivers\raspptp.sys - ok
    16:02:49.0127 3240 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
    16:02:49.0127 3240 C:\Windows\System32\drivers\rassstp.sys - ok
    16:02:49.0142 3240 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
    16:02:49.0142 3240 C:\Windows\System32\drivers\swenum.sys - ok
    16:02:49.0158 3240 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] C:\Windows\System32\drivers\umbus.sys
    16:02:49.0158 3240 C:\Windows\System32\drivers\umbus.sys - ok
    16:02:49.0173 3240 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] C:\Windows\System32\drivers\usbhub.sys
    16:02:49.0173 3240 C:\Windows\System32\drivers\usbhub.sys - ok
    16:02:49.0173 3240 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
    16:02:49.0173 3240 C:\Windows\System32\advapi32.dll - ok
    16:02:49.0189 3240 [ 659B74FB74B86228D6338D643CD3E3CF ] C:\Windows\System32\drivers\ndproxy.sys
    16:02:49.0189 3240 C:\Windows\System32\drivers\ndproxy.sys - ok
    16:02:49.0205 3240 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
    16:02:49.0205 3240 C:\Windows\System32\drivers\drmk.sys - ok
    16:02:49.0205 3240 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
    16:02:49.0205 3240 C:\Windows\System32\drivers\portcls.sys - ok
    16:02:49.0220 3240 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] C:\Windows\System32\drivers\RTKVHD64.sys
    16:02:49.0220 3240 C:\Windows\System32\drivers\RTKVHD64.sys - ok
    16:02:49.0236 3240 [ 72D7B3EA16946E8F0CF7458150031CC6 ] C:\Windows\System32\user32.dll
    16:02:49.0236 3240 C:\Windows\System32\user32.dll - ok
    16:02:49.0251 3240 [ 7083F463788CB34FCC42F565D56F89E8 ] C:\Windows\System32\ws2_32.dll
    16:02:49.0251 3240 C:\Windows\System32\ws2_32.dll - ok
    16:02:49.0251 3240 [ AC8F79017C5C1FB316930EDEAD0AF517 ] C:\Windows\System32\ole32.dll
    16:02:49.0251 3240 C:\Windows\System32\ole32.dll - ok
    16:02:49.0267 3240 [ 2A46451EE42BCD2C842D8AA4923FAC16 ] C:\Windows\System32\oleaut32.dll
    16:02:49.0267 3240 C:\Windows\System32\oleaut32.dll - ok
    16:02:49.0283 3240 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
    16:02:49.0283 3240 C:\Windows\System32\clbcatq.dll - ok
    16:02:49.0283 3240 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
    16:02:49.0283 3240 C:\Windows\System32\msctf.dll - ok
    16:02:49.0298 3240 [ CDFCA9C3AA9E95CA2FA2D998BBFC3E92 ] C:\Windows\System32\urlmon.dll
    16:02:49.0298 3240 C:\Windows\System32\urlmon.dll - ok
    16:02:49.0314 3240 [ 579F6AFC6A6561951FA2202EFC3FE485 ] C:\Windows\System32\msvcrt.dll
    16:02:49.0314 3240 C:\Windows\System32\msvcrt.dll - ok
    16:02:49.0314 3240 [ E1B1255D3A4B3367FE4E9C71E62E3B5A ] C:\Windows\System32\gdi32.dll
    16:02:49.0314 3240 C:\Windows\System32\gdi32.dll - ok
    16:02:49.0329 3240 [ F94B8644F3AFE040EC6E1B6FBC9EFAA9 ] C:\Windows\System32\comdlg32.dll
    16:02:49.0329 3240 C:\Windows\System32\comdlg32.dll - ok
    16:02:49.0345 3240 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
    16:02:49.0345 3240 C:\Windows\System32\psapi.dll - ok
    16:02:49.0361 3240 [ 6A4EA4C29FBF78112AE20013FB71E9C1 ] C:\Windows\System32\setupapi.dll
    16:02:49.0361 3240 C:\Windows\System32\setupapi.dll - ok
    16:02:49.0361 3240 [ 7B0C153254450192EAD602B992009F72 ] C:\Windows\System32\wininet.dll
    16:02:49.0361 3240 C:\Windows\System32\wininet.dll - ok
    16:02:49.0376 3240 [ 15A54626213EBF003F7D4C9D8380A656 ] C:\Windows\System32\imagehlp.dll
    16:02:49.0376 3240 C:\Windows\System32\imagehlp.dll - ok
    16:02:49.0392 3240 [ BD09B1361E5945A0ED2E25B8FEA33401 ] C:\Windows\System32\iertutil.dll
    16:02:49.0392 3240 C:\Windows\System32\iertutil.dll - ok
    16:02:49.0392 3240 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
    16:02:49.0392 3240 C:\Windows\System32\lpk.dll - ok
    16:02:49.0407 3240 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
    16:02:49.0407 3240 C:\Windows\System32\difxapi.dll - ok
    16:02:49.0423 3240 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
    16:02:49.0423 3240 C:\Windows\System32\imm32.dll - ok
    16:02:49.0423 3240 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
    16:02:49.0423 3240 C:\Windows\System32\nsi.dll - ok
    16:02:49.0439 3240 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
    16:02:49.0439 3240 C:\Windows\System32\normaliz.dll - ok
    16:02:49.0454 3240 [ E5CBF5F8623BBD1DB7B8148A66F6EBA4 ] C:\Windows\System32\Wldap32.dll
    16:02:49.0454 3240 C:\Windows\System32\Wldap32.dll - ok
    16:02:49.0470 3240 [ 48CC125A6AB6C72A13E3D3E9C39AD9D9 ] C:\Windows\System32\shell32.dll
    16:02:49.0470 3240 C:\Windows\System32\shell32.dll - ok
    16:02:49.0470 3240 [ 48C903068B6BDAB5EF650B9CBEE85295 ] C:\Windows\System32\rpcrt4.dll
    16:02:49.0470 3240 C:\Windows\System32\rpcrt4.dll - ok
    16:02:49.0485 3240 [ 8857EE8B49F3338FC1FAD476BFCCA146 ] C:\Windows\System32\drivers\mfeavfk.sys
    16:02:49.0485 3240 C:\Windows\System32\drivers\mfeavfk.sys - ok
    16:02:49.0501 3240 [ 19C44295F6BF085C83352D48397F7870 ] C:\Windows\System32\drivers\mfefirek.sys
    16:02:49.0501 3240 C:\Windows\System32\drivers\mfefirek.sys - ok
    16:02:49.0501 3240 [ 15BDC173EB5FA4F92B67D9FFB269A6EA ] C:\Windows\System32\shlwapi.dll
    16:02:49.0501 3240 C:\Windows\System32\shlwapi.dll - ok
    16:02:49.0517 3240 [ BD5153969C41F697E23B9A43EF9228CE ] C:\Windows\System32\usp10.dll
    16:02:49.0517 3240 C:\Windows\System32\usp10.dll - ok
    16:02:49.0532 3240 [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\System32\comctl32.dll
    16:02:49.0532 3240 C:\Windows\System32\comctl32.dll - ok
    16:02:49.0548 3240 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
    16:02:49.0548 3240 C:\Windows\System32\sechost.dll - ok
    16:02:49.0548 3240 [ D256EB74BF77026FC9A3D7193861C7AD ] C:\Windows\System32\crypt32.dll
    16:02:49.0548 3240 C:\Windows\System32\crypt32.dll - ok
    16:02:49.0563 3240 [ D05E03C1B2824236531F5E37334B6A8A ] C:\Windows\System32\cfgmgr32.dll
    16:02:49.0563 3240 C:\Windows\System32\cfgmgr32.dll - ok
    16:02:49.0579 3240 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
    16:02:49.0579 3240 C:\Windows\System32\devobj.dll - ok
    16:02:49.0579 3240 [ C5097B45DE21ADF2469B69DFC64DCE55 ] C:\Windows\System32\KernelBase.dll
    16:02:49.0579 3240 C:\Windows\System32\KernelBase.dll - ok
    16:02:49.0595 3240 [ 987508ED06FC097E754A91BA8A8AAD0E ] C:\Windows\System32\wintrust.dll
    16:02:49.0595 3240 C:\Windows\System32\wintrust.dll - ok
    16:02:49.0610 3240 [ 98FB7DD3B28A92E3C0E5B4BD9D63EF01 ] C:\Windows\System32\msasn1.dll
    16:02:49.0610 3240 C:\Windows\System32\msasn1.dll - ok
    16:02:49.0626 3240 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
    16:02:49.0626 3240 C:\Windows\SysWOW64\normaliz.dll - ok
    16:02:49.0626 3240 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
    16:02:49.0626 3240 C:\Windows\System32\drivers\dxapi.sys - ok
    16:02:49.0641 3240 [ 4B8FAB281A9310C45A4F65378E5F7D81 ] C:\Windows\System32\win32k.sys
    16:02:49.0641 3240 C:\Windows\System32\win32k.sys - ok
    16:02:49.0657 3240 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
    16:02:49.0657 3240 C:\Windows\System32\csrss.exe - ok
    16:02:49.0657 3240 [ E730EADB8F176DB06A378435BEB2E823 ] C:\Windows\System32\csrsrv.dll
    16:02:49.0657 3240 C:\Windows\System32\csrsrv.dll - ok
    16:02:49.0673 3240 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
    16:02:49.0673 3240 C:\Windows\System32\basesrv.dll - ok
    16:02:49.0688 3240 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\System32\winsrv.dll
    16:02:49.0688 3240 C:\Windows\System32\winsrv.dll - ok
    16:02:49.0704 3240 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
    16:02:49.0704 3240 C:\Windows\System32\drivers\monitor.sys - ok
    16:02:49.0704 3240 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
    16:02:49.0704 3240 C:\Windows\System32\tsddd.dll - ok
    16:02:49.0719 3240 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
    16:02:49.0719 3240 C:\Windows\System32\sxssrv.dll - ok
    16:02:49.0735 3240 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
    16:02:49.0735 3240 C:\Windows\System32\wininit.exe - ok
    16:02:49.0735 3240 [ 100BDF2F89D6056CEE900BB6156DA737 ] C:\Windows\System32\cdd.dll
    16:02:49.0735 3240 C:\Windows\System32\cdd.dll - ok
    16:02:49.0751 3240 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
    16:02:49.0751 3240 C:\Windows\System32\profapi.dll - ok
    16:02:49.0766 3240 [ F4389DA7DBDA2E7D292D360CF8E400C7 ] C:\Windows\System32\RpcRtRemote.dll
    16:02:49.0766 3240 C:\Windows\System32\RpcRtRemote.dll - ok
    16:02:49.0766 3240 [ B9A047D231D32FDF5AF2F281E4326A9D ] C:\Windows\System32\KBDUS.DLL
    16:02:49.0766 3240 C:\Windows\System32\KBDUS.DLL - ok
    16:02:49.0782 3240 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
    16:02:49.0782 3240 C:\Windows\System32\WlS0WndH.dll - ok
    16:02:49.0797 3240 [ 456C92A9D8DB51B9938A6234BBC65FC9 ] C:\Windows\System32\sxs.dll
    16:02:49.0797 3240 C:\Windows\System32\sxs.dll - ok
    16:02:49.0797 3240 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
    16:02:49.0797 3240 C:\Windows\System32\cryptbase.dll - ok
    16:02:49.0813 3240 [ 01A465AC251BCCF6037DF2EF28AA4292 ] C:\Windows\System32\apphelp.dll
    16:02:49.0813 3240 C:\Windows\System32\apphelp.dll - ok
    16:02:49.0829 3240 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
    16:02:49.0829 3240 C:\Windows\System32\services.exe - ok
    16:02:49.0844 3240 [ 156F6159457D0AA7E59B62681B56EB90 ] C:\Windows\System32\lsass.exe
    16:02:49.0844 3240 C:\Windows\System32\lsass.exe - ok
    16:02:49.0844 3240 [ 04FCA22B77A2E37332CC8226187AF87B ] C:\Windows\System32\lsm.exe
    16:02:49.0844 3240 C:\Windows\System32\lsm.exe - ok
    16:02:49.0860 3240 [ DA3E2A6FA9660CC75B471530CE88453A ] C:\Windows\System32\winlogon.exe
    16:02:49.0860 3240 C:\Windows\System32\winlogon.exe - ok
    16:02:49.0875 3240 [ 1F582C6C84D5243692F9C3E04D0A663F ] C:\Windows\System32\sspicli.dll
    16:02:49.0875 3240 C:\Windows\System32\sspicli.dll - ok
    16:02:49.0891 3240 [ 68EA2513CA68AD8F741FF4F5B8D8590C ] C:\Windows\System32\sspisrv.dll
    16:02:49.0891 3240 C:\Windows\System32\sspisrv.dll - ok
    16:02:49.0891 3240 [ D8C88512BA9544AE1CC2034F50ECFA12 ] C:\Windows\System32\winsta.dll
    16:02:49.0891 3240 C:\Windows\System32\winsta.dll - ok
    16:02:49.0907 3240 [ BFA69408620587AFDEC2E8C12CA60492 ] C:\Windows\System32\lsasrv.dll
    16:02:49.0907 3240 C:\Windows\System32\lsasrv.dll - ok
    16:02:49.0922 3240 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
    16:02:49.0922 3240 C:\Windows\System32\sysntfy.dll - ok
    16:02:49.0922 3240 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
    16:02:49.0922 3240 C:\Windows\System32\wmsgapi.dll - ok
    16:02:49.0938 3240 [ B160ADAEFC76031D92C4FBAC0918B033 ] C:\Windows\System32\samsrv.dll
    16:02:49.0938 3240 C:\Windows\System32\samsrv.dll - ok
    16:02:49.0953 3240 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
    16:02:49.0953 3240 C:\Windows\System32\cryptdll.dll - ok
    16:02:49.0969 3240 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
    16:02:49.0969 3240 C:\Windows\System32\wevtapi.dll - ok
    16:02:49.0969 3240 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
    16:02:49.0969 3240 C:\Windows\System32\authz.dll - ok
    16:02:49.0985 3240 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
    16:02:49.0985 3240 C:\Windows\System32\cngaudit.dll - ok
    16:02:50.0000 3240 [ E2D60E901428A72BB47931C938A1ED95 ] C:\Windows\System32\ncrypt.dll
    16:02:50.0000 3240 C:\Windows\System32\ncrypt.dll - ok
    16:02:50.0000 3240 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
    16:02:50.0000 3240 C:\Windows\System32\scext.dll - ok
    16:02:50.0016 3240 [ 941AF3C8B0DE1B359BE22DD3288A8C8E ] C:\Windows\System32\scesrv.dll
    16:02:50.0016 3240 C:\Windows\System32\scesrv.dll - ok
    16:02:50.0031 3240 [ 74A0871810BF0F2AA3EB6681E9BECDD3 ] C:\Windows\System32\secur32.dll
    16:02:50.0031 3240 C:\Windows\System32\secur32.dll - ok
    16:02:50.0031 3240 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
    16:02:50.0031 3240 C:\Windows\System32\bcrypt.dll - ok
    16:02:50.0047 3240 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
    16:02:50.0047 3240 C:\Windows\System32\msprivs.dll - ok
    16:02:50.0063 3240 [ B561B451320B0B40908A8BFD81705262 ] C:\Windows\System32\netjoin.dll
    16:02:50.0063 3240 C:\Windows\System32\netjoin.dll - ok
    16:02:50.0078 3240 [ D23371AB9607651937C7641A38CD52BC ] C:\Windows\System32\srvcli.dll
    16:02:50.0078 3240 C:\Windows\System32\srvcli.dll - ok
    16:02:50.0078 3240 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
    16:02:50.0078 3240 C:\Windows\System32\negoexts.dll - ok
    16:02:50.0094 3240 [ 00B40A10E3DB79E4D3E127B9C2233A6B ] C:\Windows\System32\kerberos.dll
    16:02:50.0094 3240 C:\Windows\System32\kerberos.dll - ok
    16:02:50.0109 3240 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
    16:02:50.0109 3240 C:\Windows\System32\cryptsp.dll - ok
    16:02:50.0109 3240 [ FC76FE3C1E1FDB761244D4F74EF560FD ] C:\Windows\System32\mswsock.dll
    16:02:50.0109 3240 C:\Windows\System32\mswsock.dll - ok
    16:02:50.0125 3240 [ FA4DB05923DDDEDE3196ABD09AE0F1E9 ] C:\Windows\System32\msv1_0.dll
    16:02:50.0125 3240 C:\Windows\System32\msv1_0.dll - ok
    16:02:50.0141 3240 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
    16:02:50.0141 3240 C:\Windows\System32\wship6.dll - ok
    16:02:50.0156 3240 [ 956D030D375F207B22FB111E06EF9C35 ] C:\Windows\System32\netlogon.dll
    16:02:50.0156 3240 C:\Windows\System32\netlogon.dll - ok
    16:02:50.0156 3240 [ E247E7DEB20C0CF0801A8AC39E9CE1DF ] C:\Windows\System32\dnsapi.dll
    16:02:50.0156 3240 C:\Windows\System32\dnsapi.dll - ok
    16:02:50.0172 3240 [ 8CE22E63F08613036DF8C7B00FBDF36B ] C:\Windows\System32\logoncli.dll
    16:02:50.0172 3240 C:\Windows\System32\logoncli.dll - ok
    16:02:50.0187 3240 [ 90B780886BD813882CB382FF3E90E092 ] C:\Windows\System32\schannel.dll
    16:02:50.0187 3240 C:\Windows\System32\schannel.dll - ok
    16:02:50.0187 3240 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
    16:02:50.0187 3240 C:\Windows\System32\wdigest.dll - ok
    16:02:50.0203 3240 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
    16:02:50.0203 3240 C:\Windows\System32\rsaenh.dll - ok
    16:02:50.0219 3240 [ 0DEFD5FBF801DD8F83BC0ED09861A8EC ] C:\Windows\System32\TSpkg.dll
    16:02:50.0219 3240 C:\Windows\System32\TSpkg.dll - ok
    16:02:50.0219 3240 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
    16:02:50.0219 3240 C:\Windows\System32\pku2u.dll - ok
    16:02:50.0234 3240 [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
    16:02:50.0234 3240 C:\Windows\System32\LIVESSP.DLL - ok
    16:02:50.0250 3240 [ DA090E97E57DCB48888015B5D3C749CD ] C:\Windows\System32\bcryptprimitives.dll
    16:02:50.0250 3240 C:\Windows\System32\bcryptprimitives.dll - ok
    16:02:50.0265 3240 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
    16:02:50.0265 3240 C:\Windows\System32\efslsaext.dll - ok
    16:02:50.0265 3240 [ 9301B8810B2DA4EB6AD55DB75FC1E339 ] C:\Windows\System32\credssp.dll
    16:02:50.0265 3240 C:\Windows\System32\credssp.dll - ok
    16:02:50.0281 3240 [ 398712DDDAEFB85EDF61DF6A07B65C79 ] C:\Windows\System32\scecli.dll
    16:02:50.0281 3240 C:\Windows\System32\scecli.dll - ok
    16:02:50.0297 3240 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
    16:02:50.0297 3240 C:\Windows\System32\ubpm.dll - ok
    16:02:50.0297 3240 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
    16:02:50.0297 3240 C:\Windows\System32\svchost.exe - ok
    16:02:50.0312 3240 [ 98B1721B8718164293B9701B98C52D77 ] C:\Windows\System32\umpnpmgr.dll
    16:02:50.0312 3240 C:\Windows\System32\umpnpmgr.dll - ok
    16:02:50.0328 3240 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
    16:02:50.0328 3240 C:\Windows\System32\SPInf.dll - ok
    16:02:50.0328 3240 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
    16:02:50.0328 3240 C:\Windows\System32\devrtl.dll - ok
    16:02:50.0343 3240 [ 0776CF79590BDEF0A2728B0B9A813B96 ] C:\Windows\System32\userenv.dll
    16:02:50.0343 3240 C:\Windows\System32\userenv.dll - ok
    16:02:50.0359 3240 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
    16:02:50.0359 3240 C:\Windows\System32\gpapi.dll - ok
    16:02:50.0375 3240 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
    16:02:50.0375 3240 C:\Windows\System32\umpo.dll - ok
    16:02:50.0375 3240 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
    16:02:50.0375 3240 C:\Windows\System32\pcwum.dll - ok
    16:02:50.0390 3240 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
    16:02:50.0390 3240 C:\Windows\System32\powrprof.dll - ok
    16:02:50.0406 3240 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
    16:02:50.0406 3240 C:\Windows\System32\drivers\luafv.sys - ok
    16:02:50.0406 3240 [ 7266972E86890E2B30C0C322E906B027 ] C:\Windows\System32\rpcss.dll
    16:02:50.0406 3240 C:\Windows\System32\rpcss.dll - ok
    16:02:50.0421 3240 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
    16:02:50.0421 3240 C:\Windows\System32\RpcEpMap.dll - ok
    16:02:50.0437 3240 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
    16:02:50.0437 3240 C:\Windows\System32\wshqos.dll - ok
    16:02:50.0453 3240 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
    16:02:50.0453 3240 C:\Windows\System32\WSHTCPIP.DLL - ok
    16:02:50.0453 3240 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
    16:02:50.0453 3240 C:\Windows\System32\FirewallAPI.dll - ok
    16:02:50.0468 3240 [ F238BE4FA4E55EB67F17281FADF69851 ] C:\Windows\System32\atiesrxx.exe
    16:02:50.0468 3240 C:\Windows\System32\atiesrxx.exe - ok
    16:02:50.0484 3240 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
    16:02:50.0484 3240 C:\Windows\System32\wtsapi32.dll - ok
    16:02:50.0484 3240 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
    16:02:50.0484 3240 C:\Windows\System32\version.dll - ok
    16:02:50.0499 3240 [ 93E6A39B1DB898F7C949FA5567E774CF ] C:\Windows\System32\LogonUI.exe
    16:02:50.0499 3240 C:\Windows\System32\LogonUI.exe - ok
    16:02:50.0515 3240 [ BCF0A980D21711E47D0803BDB0E99CAD ] C:\Windows\System32\authui.dll
    16:02:50.0515 3240 C:\Windows\System32\authui.dll - ok
    16:02:50.0515 3240 [ DBA90306A721FB922FDACED9E9728C28 ] C:\Windows\System32\cryptui.dll
    16:02:50.0515 3240 C:\Windows\System32\cryptui.dll - ok
    16:02:50.0531 3240 [ 113921FC4A80A3DDF646852998B836D0 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll
    16:02:50.0531 3240 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll - ok
    16:02:50.0546 3240 [ 84F8C8B9FB1F12532999D25F5DD7E77C ] C:\Windows\System32\shacct.dll
    16:02:50.0546 3240 C:\Windows\System32\shacct.dll - ok
    16:02:50.0562 3240 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
    16:02:50.0562 3240 C:\Windows\System32\samlib.dll - ok
    16:02:50.0562 3240 [ B27EA141A7E748B607600A8551A44D5A ] C:\Windows\System32\propsys.dll
    16:02:50.0562 3240 C:\Windows\System32\propsys.dll - ok
    16:02:50.0577 3240 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
    16:02:50.0577 3240 C:\Windows\System32\uxtheme.dll - ok
    16:02:50.0593 3240 [ DD0701DE0AAA010E6EBD0F53B672DCEE ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll
    16:02:50.0593 3240 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll - ok
    16:02:50.0609 3240 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
    16:02:50.0609 3240 C:\Windows\System32\dui70.dll - ok
    16:02:50.0609 3240 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
    16:02:50.0609 3240 C:\Windows\System32\duser.dll - ok
    16:02:50.0624 3240 [ B2E3D4BB3389817FB5E4CD9378BC8791 ] C:\Windows\System32\SndVolSSO.dll
    16:02:50.0624 3240 C:\Windows\System32\SndVolSSO.dll - ok
    16:02:50.0640 3240 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
    16:02:50.0640 3240 C:\Windows\System32\hid.dll - ok
    16:02:50.0640 3240 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
    16:02:50.0640 3240 C:\Windows\System32\MMDevAPI.dll - ok
    16:02:50.0655 3240 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
    16:02:50.0655 3240 C:\Windows\System32\dwmapi.dll - ok
    16:02:50.0671 3240 [ 39F91A948E6017B732C4A0B3086A8E32 ] C:\Windows\System32\xmllite.dll
    16:02:50.0671 3240 C:\Windows\System32\xmllite.dll - ok
    16:02:50.0671 3240 [ EA99F234843BBDDA1ABD2767111ADE25 ] C:\Windows\System32\WindowsCodecs.dll
    16:02:50.0671 3240 C:\Windows\System32\WindowsCodecs.dll - ok
    16:02:50.0687 3240 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
    16:02:50.0687 3240 C:\Windows\System32\winbrand.dll - ok
    16:02:50.0702 3240 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
    16:02:50.0702 3240 C:\Windows\System32\VaultCredProvider.dll - ok
    16:02:50.0718 3240 [ 2A381A9740165D7A1405148B6DFB3E38 ] C:\Windows\System32\SmartcardCredentialProvider.dll
    16:02:50.0718 3240 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
    16:02:50.0718 3240 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
    16:02:50.0718 3240 C:\Windows\System32\BioCredProv.dll - ok
    16:02:50.0733 3240 [ 97D38371502AA797DB14EB1FA5FCE4CD ] C:\Windows\System32\credui.dll
    16:02:50.0733 3240 C:\Windows\System32\credui.dll - ok
    16:02:50.0749 3240 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
    16:02:50.0749 3240 C:\Windows\System32\winbio.dll - ok
    16:02:50.0749 3240 [ 3C27B50BC43D5FED43081A784DD17190 ] C:\Windows\System32\netapi32.dll
    16:02:50.0749 3240 C:\Windows\System32\netapi32.dll - ok
    16:02:50.0765 3240 [ 4C8C2F987FC397DCE98874D6C9C0736A ] C:\Windows\System32\netutils.dll
    16:02:50.0765 3240 C:\Windows\System32\netutils.dll - ok
    16:02:50.0780 3240 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
    16:02:50.0780 3240 C:\Windows\System32\vaultcli.dll - ok
    16:02:50.0796 3240 [ B33CBD1A8C2A33121321D0FEBD7DD870 ] C:\Windows\System32\wkscli.dll
    16:02:50.0796 3240 C:\Windows\System32\wkscli.dll - ok
    16:02:50.0796 3240 [ A87205FE194B239D8D96E4972B779CC1 ] C:\Windows\System32\samcli.dll
    16:02:50.0796 3240 C:\Windows\System32\samcli.dll - ok
    16:02:50.0811 3240 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
    16:02:50.0811 3240 C:\Windows\System32\certCredProvider.dll - ok
    16:02:50.0827 3240 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
    16:02:50.0827 3240 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
    16:02:50.0843 3240 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
    16:02:50.0843 3240 C:\Windows\System32\rasplap.dll - ok
    16:02:50.0843 3240 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
    16:02:50.0843 3240 C:\Windows\System32\rasapi32.dll - ok
    16:02:50.0858 3240 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
    16:02:50.0858 3240 C:\Windows\System32\rasman.dll - ok
    16:02:50.0874 3240 [ F5A61F0A0030C80DF319B0C14A4C8885 ] C:\Windows\System32\rtutils.dll
    16:02:50.0874 3240 C:\Windows\System32\rtutils.dll - ok
    16:02:50.0874 3240 [ 99ABDA9C92EC76CBAF52F00239D909C9 ] C:\Windows\System32\wevtsvc.dll
    16:02:50.0874 3240 C:\Windows\System32\wevtsvc.dll - ok
    16:02:50.0889 3240 [ 07721A77180EDD4D39CCB865BF63C7FD ] C:\Windows\System32\audiosrv.dll
    16:02:50.0889 3240 C:\Windows\System32\audiosrv.dll - ok
    16:02:50.0905 3240 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
    16:02:50.0905 3240 C:\Windows\System32\avrt.dll - ok
    16:02:50.0905 3240 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
    16:02:50.0905 3240 C:\Windows\System32\mmcss.dll - ok
    16:02:50.0921 3240 [ D152EBC32A23069F8AA1D1F24B15E3F9 ] C:\Windows\System32\audiodg.exe
    16:02:50.0921 3240 C:\Windows\System32\audiodg.exe - ok
    16:02:50.0936 3240 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
    16:02:50.0936 3240 C:\Windows\System32\ntmarta.dll - ok
    16:02:50.0952 3240 [ FE5AB4525BC2EC68B9119A6E5D40128B ] C:\Windows\System32\gpsvc.dll
    16:02:50.0952 3240 C:\Windows\System32\gpsvc.dll - ok
    16:02:53.0666 3240 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
    16:02:53.0666 3240 C:\Windows\SysWOW64\clbcatq.dll - ok
    16:02:53.0666 3240 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
    16:02:53.0666 3240 C:\Windows\SysWOW64\dwmapi.dll - ok
    16:02:53.0682 3240 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
    16:02:53.0682 3240 C:\Windows\SysWOW64\cryptsp.dll - ok
    16:02:53.0697 3240 [ E49DF2DD8763AD6C53B5E5BD1736115E ] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlOP.dll
    16:02:53.0697 3240 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlOP.dll - ok
    16:02:53.0713 3240 [ 955CCE0330AB406DE9B8999C35975187 ] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
    16:02:53.0713 3240 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll - ok
    16:02:53.0713 3240 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
    16:02:53.0713 3240 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
    16:02:53.0729 3240 [ 6095266CAAF5E75F394CFD4844CC4C25 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
    16:02:53.0729 3240 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
    16:02:53.0744 3240 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
    16:02:53.0744 3240 C:\Windows\SysWOW64\winnsi.dll - ok
    16:02:53.0760 3240 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
    16:02:53.0760 3240 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
    16:02:53.0760 3240 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
    16:02:53.0760 3240 C:\Windows\SysWOW64\rsaenh.dll - ok
    16:02:53.0775 3240 [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\SysWOW64\RpcRtRemote.dll
    16:02:53.0775 3240 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
    16:02:53.0791 3240 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    16:02:53.0791 3240 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe - ok
    16:02:53.0791 3240 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] C:\Windows\System32\nlasvc.dll
    16:02:53.0791 3240 C:\Windows\System32\nlasvc.dll - ok
    16:02:53.0807 3240 [ 107F279517E2A04DB4AC1B1FAF1D573B ] C:\Windows\System32\ncsi.dll
    16:02:53.0807 3240 C:\Windows\System32\ncsi.dll - ok
    16:02:53.0822 3240 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
    16:02:53.0822 3240 C:\Windows\System32\ssdpapi.dll - ok
    16:02:53.0838 3240 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\msvcp71.dll
    16:02:53.0838 3240 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\msvcp71.dll - ok
    16:02:53.0853 3240 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\msvcr71.dll
    16:02:53.0853 3240 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\msvcr71.dll - ok
    16:02:53.0853 3240 [ 7B93C623333F121DC9E689CCB1B7A733 ] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\MFC71u.dll
    16:02:53.0853 3240 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\MFC71u.dll - ok
    16:02:53.0869 3240 [ 95A225C01B6DD2B855904D0E3A557F52 ] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvcLOC.dll
    16:02:53.0869 3240 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvcLOC.dll - ok
    16:02:53.0885 3240 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
    16:02:53.0885 3240 C:\Windows\System32\aepic.dll - ok
    16:02:53.0900 3240 [ C1C3BAF078BE5A14384A4BA2D730817D ] C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    16:02:53.0900 3240 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe - ok
    16:02:53.0916 3240 [ 045DB4EAB4FBD23210E85ECC3F464A2E ] C:\Windows\SysWOW64\nlaapi.dll
    16:02:53.0916 3240 C:\Windows\SysWOW64\nlaapi.dll - ok
    16:02:53.0916 3240 [ 62390F4ACE9E2B63E3CA26B7F7497897 ] C:\Windows\SysWOW64\dnsapi.dll
    16:02:53.0916 3240 C:\Windows\SysWOW64\dnsapi.dll - ok
    16:02:53.0931 3240 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
    16:02:53.0931 3240 C:\Windows\SysWOW64\NapiNSP.dll - ok
    16:02:53.0947 3240 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
    16:02:53.0947 3240 C:\Windows\SysWOW64\winrnr.dll - ok
    16:02:53.0947 3240 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
    16:02:53.0947 3240 C:\Windows\SysWOW64\pnrpnsp.dll - ok
    16:02:53.0963 3240 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
    16:02:53.0963 3240 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
    16:02:53.0978 3240 [ 158117F3CF278F01C6F24E89E2141E81 ] C:\Windows\SysWOW64\FWPUCLNT.DLL
    16:02:53.0978 3240 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
    16:02:53.0994 3240 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
    16:02:53.0994 3240 C:\Windows\SysWOW64\rasadhlp.dll - ok
    16:02:53.0994 3240 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
    16:02:53.0994 3240 C:\Windows\System32\drivers\PEAuth.sys - ok
    16:02:54.0009 3240 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
    16:02:54.0009 3240 C:\Windows\System32\drivers\secdrv.sys - ok
    16:02:54.0025 3240 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
    16:02:54.0025 3240 C:\Windows\System32\aeevts.dll - ok
    16:02:54.0041 3240 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] C:\Windows\System32\drivers\srvnet.sys
    16:02:54.0041 3240 C:\Windows\System32\drivers\srvnet.sys - ok
    16:02:54.0041 3240 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] C:\Windows\System32\wiaservc.dll
    16:02:54.0041 3240 C:\Windows\System32\wiaservc.dll - ok
    16:02:54.0056 3240 [ 76D078AF6F587B162D50210F761EB9ED ] C:\Windows\System32\drivers\tcpipreg.sys
    16:02:54.0056 3240 C:\Windows\System32\drivers\tcpipreg.sys - ok
    16:02:54.0072 3240 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
    16:02:54.0072 3240 C:\Windows\System32\wiatrace.dll - ok
    16:02:54.0087 3240 [ 3C1284516A62078FB68F768DE4F1A7BE ] C:\Windows\System32\sysmain.dll
    16:02:54.0087 3240 C:\Windows\System32\sysmain.dll - ok
    16:02:54.0087 3240 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
    16:02:54.0087 3240 C:\Windows\System32\trkwks.dll - ok
    16:02:54.0103 3240 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    16:02:54.0103 3240 C:\Program Files\Acer\Acer Updater\UpdaterService.exe - ok
    16:02:54.0119 3240 [ 28FAFE145206267159B9283B96143E44 ] C:\Windows\System32\wsdchngr.dll
    16:02:54.0119 3240 C:\Windows\System32\wsdchngr.dll - ok
    16:02:54.0134 3240 [ C2E0788F9B6E0EC7D63444115EF76283 ] C:\Windows\System32\BrWi211a.dll
    16:02:54.0134 3240 C:\Windows\System32\BrWi211a.dll - ok
    16:02:54.0134 3240 [ E30E5BB0DBA49EFE5BBBAFEA440CFBD9 ] C:\Windows\SysWOW64\wtsapi32.dll
    16:02:54.0134 3240 C:\Windows\SysWOW64\wtsapi32.dll - ok
    16:02:54.0150 3240 [ DBB2E77039C6EAF240714BBF03220E98 ] C:\Windows\System32\BrNetSti.dll
    16:02:54.0150 3240 C:\Windows\System32\BrNetSti.dll - ok
    16:02:54.0165 3240 [ E3370E3143ED1FB77D356F688F2EBB2A ] C:\Windows\System32\BrSNMP64.dll
    16:02:54.0165 3240 C:\Windows\System32\BrSNMP64.dll - ok
    16:02:54.0165 3240 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
    16:02:54.0165 3240 C:\Windows\System32\wsock32.dll - ok
    16:02:54.0181 3240 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
    16:02:54.0181 3240 C:\Windows\System32\NapiNSP.dll - ok
    16:02:54.0197 3240 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
    16:02:54.0197 3240 C:\Windows\System32\winrnr.dll - ok
    16:02:54.0212 3240 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
    16:02:54.0212 3240 C:\Windows\System32\pnrpnsp.dll - ok
    16:02:54.0212 3240 [ 2BACD71123F42CEA603F4E205E1AE337 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:02:54.0212 3240 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
    16:02:54.0228 3240 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
    16:02:54.0228 3240 C:\Windows\System32\wbem\WMIsvc.dll - ok
    16:02:54.0243 3240 [ FAF9BA81FB0543CB4B7EFFD24CFA815F ] C:\Windows\System32\wbemcomn.dll
    16:02:54.0243 3240 C:\Windows\System32\wbemcomn.dll - ok
    16:02:54.0243 3240 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
    16:02:54.0243 3240 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
    16:02:54.0259 3240 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
    16:02:54.0259 3240 C:\Windows\System32\SensApi.dll - ok
    16:02:54.0275 3240 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
    16:02:54.0275 3240 C:\Windows\System32\wer.dll - ok
    16:02:54.0290 3240 [ F8E058D17363EC580E4B7232778B6CB5 ] C:\Windows\System32\iphlpsvc.dll
    16:02:54.0290 3240 C:\Windows\System32\iphlpsvc.dll - ok
    16:02:54.0290 3240 [ 461EABB62F1827B965F508092160EDDC ] C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    16:02:54.0290 3240 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe - ok
    16:02:54.0306 3240 [ 48A6CA43A5C921C465F70D9B42B3EF1A ] C:\Windows\System32\sqmapi.dll
    16:02:54.0306 3240 C:\Windows\System32\sqmapi.dll - ok
    16:02:54.0321 3240 [ A7582A70802D5B9F28ED3940F6A3E9ED ] C:\Windows\System32\wbem\WmiDcPrv.dll
    16:02:54.0321 3240 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
    16:02:54.0337 3240 [ A6B87A19BAC41A9DF39B57034F6AE6D6 ] C:\Program Files\Common Files\McAfee\SystemCore\lockdown.dll
    16:02:54.0337 3240 C:\Program Files\Common Files\McAfee\SystemCore\lockdown.dll - ok
    16:02:54.0337 3240 [ 295657F93F6B19DEEA804048E1CB4FF9 ] C:\Windows\System32\lz32.dll
    16:02:54.0337 3240 C:\Windows\System32\lz32.dll - ok
    16:02:54.0353 3240 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
    16:02:54.0353 3240 C:\Windows\System32\wdscore.dll - ok
    16:02:54.0368 3240 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
    16:02:54.0368 3240 C:\Windows\System32\wbem\fastprox.dll - ok
    16:02:54.0368 3240 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
    16:02:54.0368 3240 C:\Windows\System32\ntdsapi.dll - ok
    16:02:54.0384 3240 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
    16:02:54.0384 3240 C:\Windows\System32\wbem\WinMgmtR.dll - ok
    16:02:54.0399 3240 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
    16:02:54.0399 3240 C:\Windows\System32\wbem\wbemprox.dll - ok
    16:02:54.0415 3240 [ 88194A4C78F592F63897BE4E4ACD3DBE ] C:\Program Files\Common Files\McAfee\SystemCore\mytilus3.dll
    16:02:54.0415 3240 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3.dll - ok
    16:02:54.0415 3240 [ 29FA77957D08833DEB17D19CD7794E4F ] C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_worker.dll
    16:02:54.0415 3240 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_worker.dll - ok
    16:02:54.0431 3240 [ 66C5255881F6F37F5CB22B9C9C777662 ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    16:02:54.0431 3240 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
    16:02:54.0446 3240 [ 61B2873C02ECBF86CD6455A40F24CE33 ] C:\Windows\System32\msxml3.dll
    16:02:54.0446 3240 C:\Windows\System32\msxml3.dll - ok
    16:02:54.0462 3240 [ 46C8C45001D251F77DF301EBF94C1664 ] C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_server.dll
    16:02:54.0462 3240 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_server.dll - ok
    16:02:54.0462 3240 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
    16:02:54.0462 3240 C:\Windows\System32\shfolder.dll - ok
    16:02:54.0477 3240 [ 6E03C9E362389A768E6C240933352D11 ] C:\Windows\System32\nci.dll
    16:02:54.0477 3240 C:\Windows\System32\nci.dll - ok
    16:02:54.0493 3240 [ 2F1DEA6D10A1EA87562098977320FCA3 ] C:\Program Files\Common Files\McAfee\SystemCore\mcshield.dll
    16:02:54.0493 3240 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.dll - ok
    16:02:54.0493 3240 [ 3B9665D4B8C587A6014B9B8DFF5974A0 ] C:\Windows\System32\wbem\wbemcore.dll
    16:02:54.0493 3240 C:\Windows\System32\wbem\wbemcore.dll - ok
    16:02:54.0509 3240 [ 6EF27C4B3D895A731DAA3055EBB6594C ] C:\Program Files\Common Files\McAfee\SystemCore\ftl.dll
    16:02:54.0509 3240 C:\Program Files\Common Files\McAfee\SystemCore\ftl.dll - ok
    16:02:54.0524 3240 [ 2A46FFE841EC43001D5A293A54DB34DE ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    16:02:54.0524 3240 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
    16:02:54.0540 3240 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
    16:02:54.0540 3240 C:\Windows\System32\wbem\esscli.dll - ok
    16:02:54.0540 3240 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
    16:02:54.0540 3240 C:\Windows\System32\dssenh.dll - ok
    16:02:54.0555 3240 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
    16:02:54.0555 3240 C:\Windows\System32\wbem\wbemsvc.dll - ok
    16:02:54.0571 3240 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
    16:02:54.0571 3240 C:\Windows\System32\hnetcfg.dll - ok
    16:02:54.0571 3240 [ DD92E94E265864306377F091B100D0D0 ] C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    16:02:54.0571 3240 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe - ok
    16:02:54.0587 3240 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
    16:02:54.0587 3240 C:\Windows\System32\wbem\wmiutils.dll - ok
    16:02:54.0602 3240 [ 065FA0AA551A7EA4E536EAA3735DF432 ] C:\Program Files\Common Files\McAfee\SystemCore\mfeavfa.dll
    16:02:54.0602 3240 C:\Program Files\Common Files\McAfee\SystemCore\mfeavfa.dll - ok
    16:02:54.0618 3240 [ 19A891CE707E8B4E5CCAB18C57B492FC ] C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll
    16:02:54.0618 3240 C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll - ok
    16:02:54.0633 3240 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
    16:02:54.0633 3240 C:\Windows\System32\wbem\repdrvfs.dll - ok
    16:02:54.0633 3240 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] C:\Windows\System32\drivers\srv2.sys
    16:02:54.0633 3240 C:\Windows\System32\drivers\srv2.sys - ok
    16:02:54.0649 3240 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] C:\Windows\System32\drivers\srv.sys
    16:02:54.0649 3240 C:\Windows\System32\drivers\srv.sys - ok
    16:02:54.0665 3240 [ 82BC97E5793DEF69691AAD5AB953A200 ] C:\Windows\System32\wbem\WmiPrvSD.dll
    16:02:54.0665 3240 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
    16:02:54.0665 3240 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
    16:02:54.0665 3240 C:\Windows\System32\ncobjapi.dll - ok
    16:02:54.0680 3240 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
    16:02:54.0680 3240 C:\Windows\System32\wbem\wbemess.dll - ok
    16:02:54.0696 3240 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
    16:02:54.0696 3240 C:\Windows\System32\netprofm.dll - ok
    16:02:54.0696 3240 [ 6B054C67AAA87843504E8E3C09102009 ] C:\Windows\System32\browser.dll
    16:02:54.0696 3240 C:\Windows\System32\browser.dll - ok
    16:02:54.0711 3240 [ 81F1D04D4D0E433099365127375FD501 ] C:\Windows\System32\srvsvc.dll
    16:02:54.0711 3240 C:\Windows\System32\srvsvc.dll - ok
    16:02:54.0727 3240 [ 458A013DF72EAAB91877FA03533E2C8B ] C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:02:54.0727 3240 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe - ok
    16:02:54.0743 3240 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
    16:02:54.0743 3240 C:\Windows\System32\netmsg.dll - ok
    16:02:54.0743 3240 [ 4EAE37133B78A26A84EA1649D9B21A1E ] C:\Windows\System32\clusapi.dll
    16:02:54.0743 3240 C:\Windows\System32\clusapi.dll - ok
    16:02:54.0758 3240 [ 836892094209E5D9CF403B4CF2829B5C ] C:\Windows\System32\sscore.dll
    16:02:54.0758 3240 C:\Windows\System32\sscore.dll - ok
    16:02:54.0774 3240 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
    16:02:54.0774 3240 C:\Windows\System32\resutils.dll - ok
    16:02:54.0774 3240 [ 2FBCFEB2727582AA884728E65231A847 ] C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll
    16:02:54.0774 3240 C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll - ok
    16:02:54.0789 3240 [ 4351ABC17C97BE34AD7083AF919CF53E ] C:\Program Files\McAfee\VirusScan\Engine\5400.1158\mscan64a.dll
    16:02:54.0789 3240 C:\Program Files\McAfee\VirusScan\Engine\5400.1158\mscan64a.dll - ok
    16:02:54.0805 3240 [ A99A83D0E270F45545BC61CBBD81F32A ] C:\PROGRA~1\McAfee\MPF\MpfSvc.dll
    16:02:54.0805 3240 C:\PROGRA~1\McAfee\MPF\MpfSvc.dll - ok
    16:02:54.0821 3240 [ C700B2A7F34434B5AA7BACE9B9F0DAA2 ] C:\Program Files\Common Files\McAfee\McProxy\McProxy.dll
    16:02:54.0821 3240 C:\Program Files\Common Files\McAfee\McProxy\McProxy.dll - ok
    16:02:54.0836 3240 [ 8605FED9E6271AD3DAB6022EF3752043 ] C:\PROGRA~1\McAfee\MSK\msksrvr.dll
    16:02:54.0836 3240 C:\PROGRA~1\McAfee\MSK\msksrvr.dll - ok
    16:02:54.0836 3240 [ 4210F9B5FF8D47148B2255C73AE99955 ] C:\Program Files\Common Files\McAfee\MSC\McRTMui.dll
    16:02:54.0836 3240 C:\Program Files\Common Files\McAfee\MSC\McRTMui.dll - ok
    16:02:54.0852 3240 [ CC09572AD22A433CB6C3F0C35488B40A ] C:\PROGRA~1\McAfee\MSK\mskengn.dll
    16:02:54.0852 3240 C:\PROGRA~1\McAfee\MSK\mskengn.dll - ok
    16:02:54.0867 3240 [ E017D9F1DA62E25678F90C62FAEE1787 ] C:\PROGRA~1\McAfee\MSK\mskupd.dll
    16:02:54.0867 3240 C:\PROGRA~1\McAfee\MSK\mskupd.dll - ok
    16:02:54.0883 3240 [ 79AFFC7FEEA9CD2FEFEA5EF3B631A02C ] C:\Windows\System32\ndiscapCfg.dll
    16:02:54.0883 3240 C:\Windows\System32\ndiscapCfg.dll - ok
    16:02:54.0883 3240 [ 3D6AF45673C4B31CDECD7F80AF09D443 ] C:\Windows\System32\rascfg.dll
    16:02:54.0883 3240 C:\Windows\System32\rascfg.dll - ok
    16:02:54.0899 3240 [ F3716F111165FF5E5D3E18CAEDBA4151 ] C:\PROGRA~1\McAfee\MSK\mskwm.dll
    16:02:54.0899 3240 C:\PROGRA~1\McAfee\MSK\mskwm.dll - ok
    16:02:54.0914 3240 [ 114429A77D935053E13A9BF98A8B8CA1 ] C:\Windows\System32\mprapi.dll
    16:02:54.0914 3240 C:\Windows\System32\mprapi.dll - ok
    16:02:54.0914 3240 [ 7F0C02C5077B5563DF4A41049A366688 ] C:\PROGRA~1\McAfee\MSK\mskxaif.dll
    16:02:54.0914 3240 C:\PROGRA~1\McAfee\MSK\mskxaif.dll - ok
    16:02:54.0930 3240 [ 1CF21800E337F4039AAD4C94B4280EE4 ] C:\Windows\System32\mprmsg.dll
    16:02:54.0930 3240 C:\Windows\System32\mprmsg.dll - ok
    16:02:54.0945 3240 [ 3A021D606DD423ACFAAC2EEE0FD1429E ] C:\PROGRA~1\McAfee\MSC\mclwapi.dll
    16:02:54.0945 3240 C:\PROGRA~1\McAfee\MSC\mclwapi.dll - ok
    16:02:54.0945 3240 [ 1FCD619D8542A248D4E1FF72FFB0E56B ] C:\Windows\System32\tcpipcfg.dll
    16:02:54.0945 3240 C:\Windows\System32\tcpipcfg.dll - ok
    16:02:54.0961 3240 [ 07AF368A38104180B3FE66C38699A9C9 ] C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\10_5_1~1\mcutil.dll
    16:02:54.0961 3240 C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\10_5_1~1\mcutil.dll - ok
    16:02:54.0977 3240 [ 0F1085DB4B278019B46E673E709784D5 ] C:\PROGRA~1\McAfee\MPS\mps.dll
    16:02:54.0977 3240 C:\PROGRA~1\McAfee\MPS\mps.dll - ok
    16:02:54.0992 3240 [ 0EC35BBCB20B961BFA28D1EADB6FB3AE ] C:\PROGRA~1\McAfee\MPS\sa_cache_sqlite.dll
    16:02:54.0992 3240 C:\PROGRA~1\McAfee\MPS\sa_cache_sqlite.dll - ok
    16:02:54.0992 3240 [ 5914CB0B7FD581B99A931A8AA58B34D1 ] C:\PROGRA~1\McAfee\MPS\sqlite3.dll
    16:02:54.0992 3240 C:\PROGRA~1\McAfee\MPS\sqlite3.dll - ok
    16:02:55.0008 3240 [ 17D48E711E661179957791A4D7AB8EF7 ] C:\PROGRA~1\McAfee\MPS\sacore.dll
    16:02:55.0008 3240 C:\PROGRA~1\McAfee\MPS\sacore.dll - ok
    16:02:55.0023 3240 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
    16:02:55.0023 3240 C:\Windows\System32\npmproxy.dll - ok
    16:02:55.0039 3240 [ 3074B6A51A83D074D436616C97A05CAA ] C:\PROGRA~1\McAfee\MPS\sa_http_win32.dll
    16:02:55.0039 3240 C:\PROGRA~1\McAfee\MPS\sa_http_win32.dll - ok
    16:02:55.0039 3240 [ 7395E62AE485DD94A2B252EE0B1A0DAF ] C:\PROGRA~1\McAfee\MPS\sa_store_sqlite.dll
    16:02:55.0039 3240 C:\PROGRA~1\McAfee\MPS\sa_store_sqlite.dll - ok
    16:02:55.0055 3240 [ D891293880F2F00AB7BA959910300EF7 ] C:\Windows\System32\diagperf.dll
    16:02:55.0055 3240 C:\Windows\System32\diagperf.dll - ok
    16:02:55.0070 3240 [ 96425CF3A7F481D4C7BB56DEACB28F43 ] C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll
    16:02:55.0070 3240 C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll - ok
    16:02:55.0070 3240 [ D065BE66822847B7F127D1F90158376E ] C:\Windows\System32\appinfo.dll
    16:02:55.0070 3240 C:\Windows\System32\appinfo.dll - ok
    16:02:55.0086 3240 [ 6764549F7841178E2E57B468CB9BB26C ] C:\PROGRA~1\McAfee\MPS\mpscfg.dll
    16:02:55.0086 3240 C:\PROGRA~1\McAfee\MPS\mpscfg.dll - ok
    16:02:55.0101 3240 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
    16:02:55.0101 3240 C:\Windows\System32\perftrack.dll - ok
    16:02:55.0117 3240 [ 2E57DDF2880A7E52E76F41C7E96D327B ] C:\Windows\System32\wpdbusenum.dll
    16:02:55.0117 3240 C:\Windows\System32\wpdbusenum.dll - ok
    16:02:55.0117 3240 [ 267D210894FED57D774796A118B6E232 ] C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll
    16:02:55.0117 3240 C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll - ok
    16:02:55.0133 3240 [ 4DC4A87C1899A98B235B6BD6A8F463A5 ] C:\PROGRA~1\COMMON~1\McAfee\HACKER~1\HWAPI.dll
    16:02:55.0133 3240 C:\PROGRA~1\COMMON~1\McAfee\HACKER~1\HWAPI.dll - ok
    16:02:55.0148 3240 [ F61584CA3218AD9074BFD50D4691D030 ] C:\PROGRA~1\McAfee\MPS\mpsevh.dll
    16:02:55.0148 3240 C:\PROGRA~1\McAfee\MPS\mpsevh.dll - ok
    16:02:55.0164 3240 [ ACBD1A564FFAF1ACACA639B9CF8419E1 ] C:\PROGRA~1\McAfee\MPS\MPSMisp.dll
    16:02:55.0164 3240 C:\PROGRA~1\McAfee\MPS\MPSMisp.dll - ok
    16:02:55.0164 3240 [ 973F83DB4F2C132C2B26F5DD760DAA89 ] C:\PROGRA~1\McAfee\MPF\MpfEvt.dll
    16:02:55.0164 3240 C:\PROGRA~1\McAfee\MPF\MpfEvt.dll - ok
    16:02:55.0179 3240 [ 5DA7D8934F7AB0884A6A8FC02E8B2AA7 ] C:\Windows\System32\PortableDeviceApi.dll
    16:02:55.0179 3240 C:\Windows\System32\PortableDeviceApi.dll - ok
    16:02:55.0195 3240 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] C:\Windows\System32\IPSECSVC.DLL
    16:02:55.0195 3240 C:\Windows\System32\IPSECSVC.DLL - ok
    16:02:55.0195 3240 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
    16:02:55.0195 3240 C:\Windows\System32\FwRemoteSvr.dll - ok
    16:02:55.0211 3240 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
    16:02:55.0211 3240 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
    16:02:55.0226 3240 [ 295BBA63A8DAC0691E950328B687D670 ] C:\PROGRA~1\McAfee\MSC\mcmscsub.dll
    16:02:55.0226 3240 C:\PROGRA~1\McAfee\MSC\mcmscsub.dll - ok
    16:02:55.0242 3240 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
    16:02:55.0242 3240 C:\Windows\System32\pnpts.dll - ok
    16:02:55.0242 3240 [ CDF764499A5F51FC11E392070692ECAC ] C:\Program Files\Common Files\McAfee\MSC\LangSel.dll
    16:02:55.0242 3240 C:\Program Files\Common Files\McAfee\MSC\LangSel.dll - ok
    16:02:55.0257 3240 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
    16:02:55.0257 3240 C:\Windows\System32\radardt.dll - ok
    16:02:55.0273 3240 [ 65AF044B5570D355124DCD1E099AA98F ] C:\Windows\System32\wdiasqmmodule.dll
    16:02:55.0273 3240 C:\Windows\System32\wdiasqmmodule.dll - ok
    16:02:55.0273 3240 [ 2CDF92E2B87D80F76206359B0CE7C78C ] C:\PROGRA~1\McAfee\MSC\mcregobj\10_5_1~1\mcregobj.dll
    16:02:55.0273 3240 C:\PROGRA~1\McAfee\MSC\mcregobj\10_5_1~1\mcregobj.dll - ok
    16:02:55.0289 3240 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
    16:02:55.0289 3240 C:\Windows\System32\Apphlpdm.dll - ok
    16:02:55.0304 3240 [ 77DC3E63D5821D4473FF7F90DC99EBE2 ] C:\Program Files\McAfee\MPF\L10N.dll
    16:02:55.0304 3240 C:\Program Files\McAfee\MPF\L10N.dll - ok
    16:02:55.0320 3240 [ D0933BF46E3825B04748163A279F5E3B ] C:\Program Files\McAfee\MSC\mcoemres.dll
    16:02:55.0320 3240 C:\Program Files\McAfee\MSC\mcoemres.dll - ok
    16:02:55.0320 3240 [ 6A01B607F5233B0B1177DD78B02B768C ] C:\Program Files\McAfee\MSC\oemui.dll
    16:02:55.0320 3240 C:\Program Files\McAfee\MSC\oemui.dll - ok
    16:02:55.0335 3240 [ 5FDB51234D8ECB6C0D9F2FA6D6A88618 ] C:\Program Files\McAfee\MSC\mcprlres.dll
    16:02:55.0335 3240 C:\Program Files\McAfee\MSC\mcprlres.dll - ok
    16:02:55.0351 3240 [ 1E4BDDBD5A63059A97063339B4F8986F ] C:\Windows\System32\actxprxy.dll
    16:02:55.0351 3240 C:\Windows\System32\actxprxy.dll - ok
    16:02:55.0367 3240 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
    16:02:55.0367 3240 C:\Windows\System32\linkinfo.dll - ok
    16:02:55.0367 3240 [ 68F186EC8C81A3991EC797C0811D4F8C ] C:\Program Files\McAfee.com\Agent\mcagent.exe
    16:02:55.0367 3240 C:\Program Files\McAfee.com\Agent\mcagent.exe - ok
    16:02:55.0382 3240 [ 3561BBCC2A913F662360B2290346604C ] C:\PROGRA~1\COMMON~1\McAfee\Core\mccoreps.dll
    16:02:55.0382 3240 C:\PROGRA~1\COMMON~1\McAfee\Core\mccoreps.dll - ok
    16:02:55.0398 3240 [ 3E6F9CC268018323B9AD0FE0FC8D7D46 ] C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll
    16:02:55.0398 3240 C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll - ok
    16:02:55.0398 3240 [ 6AB6D4DF10EC784CF4A66CBFAF417A11 ] C:\Windows\System32\runonce.exe
    16:02:55.0398 3240 C:\Windows\System32\runonce.exe - ok
    16:02:55.0413 3240 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
    16:02:55.0413 3240 C:\Windows\System32\aelupsvc.dll - ok
    16:02:55.0429 3240 [ 169F916EFEAA44487E65305B7D2D754B ] C:\Windows\SysWOW64\runonce.exe
    16:02:55.0429 3240 C:\Windows\SysWOW64\runonce.exe - ok
    16:02:55.0429 3240 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    16:02:55.0429 3240 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok
    16:02:55.0445 3240 [ 26EAEE08CAF82AA7F03C5020F51DA541 ] C:\Windows\SysWOW64\propsys.dll
    16:02:55.0445 3240 C:\Windows\SysWOW64\propsys.dll - ok
    16:02:55.0460 3240 [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\SysWOW64\setupapi.dll
    16:02:55.0460 3240 C:\Windows\SysWOW64\setupapi.dll - ok
    16:02:55.0476 3240 [ E702ED19C332C1F12C1403D100E2F4F3 ] C:\Windows\SysWOW64\cfgmgr32.dll
    16:02:55.0476 3240 C:\Windows\SysWOW64\cfgmgr32.dll - ok
    16:02:55.0476 3240 [ 6C9C05D5344B9AB80E9180FC859BC45A ] C:\Windows\SysWOW64\devobj.dll
    16:02:55.0476 3240 C:\Windows\SysWOW64\devobj.dll - ok
    16:02:55.0491 3240 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
    16:02:55.0491 3240 C:\Windows\SysWOW64\ntmarta.dll - ok
    16:02:55.0507 3240 [ BFA70A99AD1434263F2DFBBA103BDEF8 ] C:\Windows\SysWOW64\Wldap32.dll
    16:02:55.0507 3240 C:\Windows\SysWOW64\Wldap32.dll - ok
    16:02:57.0925 3240 [ 8E23963C3113FBA40CDFD25204936FBD ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\NLD\UI_RES.dll
    16:02:57.0925 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\NLD\UI_RES.dll - ok
    16:02:57.0941 3240 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
    16:02:57.0941 3240 C:\Windows\SysWOW64\dciman32.dll - ok
    16:02:57.0956 3240 [ 519835D8C5215B09DC6D60F356625A66 ] C:\Program Files (x86)\Nuance\PaperPort\MaxRes.dll
    16:02:57.0956 3240 C:\Program Files (x86)\Nuance\PaperPort\MaxRes.dll - ok
    16:02:57.0972 3240 [ EE25B470C39126B08055A7CB71A67A58 ] C:\Windows\System32\unimdm.tsp
    16:02:57.0972 3240 C:\Windows\System32\unimdm.tsp - ok
    16:02:57.0972 3240 [ 874650BF7C7063FB2455E0498456D29C ] C:\Program Files (x86)\Nuance\PaperPort\XMaxUtil.dll
    16:02:57.0972 3240 C:\Program Files (x86)\Nuance\PaperPort\XMaxUtil.dll - ok
    16:02:57.0987 3240 [ F2A24E4AEC0F8D5DBAB10CB87A8EFED2 ] C:\Windows\SysWOW64\sti.dll
    16:02:57.0987 3240 C:\Windows\SysWOW64\sti.dll - ok
    16:02:58.0003 3240 [ 5AA237EAF522154183AB8E95F2099827 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    16:02:58.0003 3240 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
    16:02:58.0003 3240 [ F353BFDD3A506D969A50CD5C1B5DA833 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Enu\UI_RES.dll
    16:02:58.0003 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Enu\UI_RES.dll - ok
    16:02:58.0019 3240 [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll
    16:02:58.0019 3240 C:\Windows\System32\uniplat.dll - ok
    16:02:58.0034 3240 [ E2BF206E5164569500742637B5459402 ] C:\Program Files (x86)\Nuance\PaperPort\BliceCtr.dll
    16:02:58.0034 3240 C:\Program Files (x86)\Nuance\PaperPort\BliceCtr.dll - ok
    16:02:58.0050 3240 [ 702A13ED6F2B4740FA77A7A19B382348 ] C:\Windows\SysWOW64\credui.dll
    16:02:58.0050 3240 C:\Windows\SysWOW64\credui.dll - ok
    16:02:58.0050 3240 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
    16:02:58.0050 3240 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
    16:02:58.0065 3240 [ 84ED734D77A8F8B7E56C954D42731945 ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    16:02:58.0065 3240 C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe - ok
    16:02:58.0081 3240 [ 0BFE25805BA658C32CCDA7B0C470C269 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
    16:02:58.0081 3240 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
    16:02:58.0097 3240 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
    16:02:58.0097 3240 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
    16:02:58.0112 3240 [ 96F3F676B4D0DF4DA9C4081358C4662F ] C:\Windows\SysWOW64\wbemcomn.dll
    16:02:58.0112 3240 C:\Windows\SysWOW64\wbemcomn.dll - ok
    16:02:58.0112 3240 [ B11F7DB91E12BBCA71BE88BFB2120FAF ] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    16:02:58.0112 3240 C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll - ok
    16:02:58.0128 3240 [ F1278B3514EA6FA9BC39B20D26139AAC ] C:\Windows\SysWOW64\msiltcfg.dll
    16:02:58.0128 3240 C:\Windows\SysWOW64\msiltcfg.dll - ok
    16:02:58.0143 3240 [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp
    16:02:58.0143 3240 C:\Windows\System32\kmddsp.tsp - ok
    16:02:58.0159 3240 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
    16:02:58.0159 3240 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
    16:02:58.0159 3240 [ 54A1FB9A651F94002FA472A00331B682 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Fin\UI_RES.dll
    16:02:58.0159 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Fin\UI_RES.dll - ok
    16:02:58.0175 3240 [ 1CEDFE91F527858CACA1B08B04666BC0 ] C:\Windows\SysWOW64\wbem\fastprox.dll
    16:02:58.0175 3240 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
    16:02:58.0190 3240 [ DF5F5DA91097AEC042295634B2E52729 ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\cnvres_eng.dll
    16:02:58.0190 3240 C:\Program Files (x86)\Nuance\PDF Viewer Plus\cnvres_eng.dll - ok
    16:02:58.0190 3240 [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp
    16:02:58.0190 3240 C:\Windows\System32\ndptsp.tsp - ok
    16:02:58.0206 3240 [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp
    16:02:58.0206 3240 C:\Windows\System32\hidphone.tsp - ok
    16:02:58.0221 3240 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\SysWOW64\linkinfo.dll
    16:02:58.0221 3240 C:\Windows\SysWOW64\linkinfo.dll - ok
    16:02:58.0237 3240 [ 3DFCC8879DAD3F91F04F0A7DC4378531 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Fra\UI_RES.dll
    16:02:58.0237 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Fra\UI_RES.dll - ok
    16:02:58.0237 3240 [ 992776DD978494547DD1CE211D978868 ] C:\Program Files (x86)\Nuance\PaperPort\BindRes.dll
    16:02:58.0237 3240 C:\Program Files (x86)\Nuance\PaperPort\BindRes.dll - ok
    16:02:58.0253 3240 [ CFB1E2B76E115A65F8F1D2C798D1D66F ] C:\Program Files (x86)\Nuance\PaperPort\Ereg\EregRes_eng.dll
    16:02:58.0253 3240 C:\Program Files (x86)\Nuance\PaperPort\Ereg\EregRes_eng.dll - ok
    16:02:58.0268 3240 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
    16:02:58.0268 3240 C:\Windows\SysWOW64\ntdsapi.dll - ok
    16:02:58.0268 3240 [ 7F015DC55980BEE2FE8B0D73027A1DC6 ] C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe
    16:02:58.0268 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe - ok
    16:02:58.0284 3240 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] C:\Windows\System32\qmgr.dll
    16:02:58.0284 3240 C:\Windows\System32\qmgr.dll - ok
    16:02:58.0299 3240 [ 1520A1AF01EE323B2A8509F8594CE510 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Deu\UI_RES.dll
    16:02:58.0299 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Deu\UI_RES.dll - ok
    16:02:58.0315 3240 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
    16:02:58.0315 3240 C:\Windows\SysWOW64\shfolder.dll - ok
    16:02:58.0315 3240 [ 432BE6CF7311062633459EEF6B242FB5 ] C:\Windows\SysWOW64\regsvr32.exe
    16:02:58.0315 3240 C:\Windows\SysWOW64\regsvr32.exe - ok
    16:02:58.0331 3240 [ 4E75477E8BFA55C6F1F2688FB553F0C5 ] C:\Windows\System32\bitsperf.dll
    16:02:58.0331 3240 C:\Windows\System32\bitsperf.dll - ok
    16:02:58.0346 3240 [ DF627325D25191236BABA895D5A51EF6 ] C:\Windows\System32\rasppp.dll
    16:02:58.0346 3240 C:\Windows\System32\rasppp.dll - ok
    16:02:58.0362 3240 [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll
    16:02:58.0362 3240 C:\Windows\System32\bitsigd.dll - ok
    16:02:58.0362 3240 [ E74744F54A99E656A6AAE4E17475EF66 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Ita\UI_RES.dll
    16:02:58.0362 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Ita\UI_RES.dll - ok
    16:02:58.0409 3240 [ E3DA135D4DD0D34512D4FEBCB6ED760E ] C:\Windows\System32\vpnike.dll
    16:02:58.0409 3240 C:\Windows\System32\vpnike.dll - ok
    16:02:58.0424 3240 [ 35836B304394F0A0DFE4D838C4D25B7F ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Jpn\UI_RES.dll
    16:02:58.0424 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Jpn\UI_RES.dll - ok
    16:02:58.0440 3240 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
    16:02:58.0440 3240 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
    16:02:58.0455 3240 [ 9E29BC11A70165635CC10D42E64CFEE1 ] C:\Windows\System32\upnp.dll
    16:02:58.0455 3240 C:\Windows\System32\upnp.dll - ok
    16:02:58.0455 3240 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
    16:02:58.0455 3240 C:\Windows\System32\ssdpsrv.dll - ok
    16:02:58.0518 3240 [ 1482CC99F7E2DA2FECF59C6A774FED0A ] C:\Windows\System32\raschap.dll
    16:02:58.0518 3240 C:\Windows\System32\raschap.dll - ok
    16:02:58.0518 3240 [ E3564D023DCCA4A1854DC2226C99120D ] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    16:02:58.0518 3240 C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe - ok
    16:02:58.0533 3240 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
    16:02:58.0533 3240 C:\Windows\System32\WWanAPI.dll - ok
    16:02:58.0549 3240 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
    16:02:58.0549 3240 C:\Windows\System32\wwapi.dll - ok
    16:02:58.0565 3240 [ 0B9F7D42D745038437FAE70D97F9AD5A ] C:\Windows\System32\QAGENT.DLL
    16:02:58.0565 3240 C:\Windows\System32\QAGENT.DLL - ok
    16:02:58.0565 3240 [ 25E865D1A5136C9E93406DC32084320C ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Nor\UI_RES.dll
    16:02:58.0565 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Nor\UI_RES.dll - ok
    16:02:58.0580 3240 [ 079FC5AAA9963057548DF29F069EC406 ] C:\Windows\AppPatch\AcGenral.dll
    16:02:58.0580 3240 C:\Windows\AppPatch\AcGenral.dll - ok
    16:02:58.0596 3240 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
    16:02:58.0596 3240 C:\Windows\SysWOW64\msacm32.dll - ok
    16:02:58.0596 3240 [ 646F048A6F617B86EA9899B6CED06AA1 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Plk\UI_RES.dll
    16:02:58.0596 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Plk\UI_RES.dll - ok
    16:02:58.0611 3240 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
    16:02:58.0611 3240 C:\Windows\System32\qmgrprxy.dll - ok
    16:02:58.0627 3240 [ E053DD729C62B7BB91C9405535D4482B ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Ptg\UI_RES.dll
    16:02:58.0627 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Ptg\UI_RES.dll - ok
    16:02:58.0643 3240 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
    16:02:58.0643 3240 C:\Windows\SysWOW64\qmgrprxy.dll - ok
    16:02:58.0658 3240 [ EE24C42561D40F7AD7C2A7A460287090 ] C:\Windows\System32\wbem\cimwin32.dll
    16:02:58.0658 3240 C:\Windows\System32\wbem\cimwin32.dll - ok
    16:02:58.0658 3240 [ CF94FAD857E73164CAACBDFF36AE9DAC ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Rus\UI_RES.dll
    16:02:58.0658 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Rus\UI_RES.dll - ok
    16:02:58.0674 3240 [ 2E62DE2C4516DA710A10F67BD86FEB80 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Esp\UI_RES.dll
    16:02:58.0674 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Esp\UI_RES.dll - ok
    16:02:58.0689 3240 [ 07F9B39AB7D6CF3DE214362B126E6149 ] C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe
    16:02:58.0689 3240 C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe - ok
    16:02:58.0705 3240 [ CD979FC08D9044753C9DD20D99872544 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Sve\UI_RES.dll
    16:02:58.0705 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Sve\UI_RES.dll - ok
    16:02:58.0705 3240 [ 5D89D063A4CB036C258685C8E057E768 ] C:\Windows\System32\framedynos.dll
    16:02:58.0705 3240 C:\Windows\System32\framedynos.dll - ok
    16:02:58.0721 3240 [ 621A8A21CC9A28D7AFC62B1C98F600A3 ] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
    16:02:58.0721 3240 C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll - ok
    16:02:58.0736 3240 [ 0D6800ECCD016F65723551BCB2095557 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Ell\UI_RES.dll
    16:02:58.0736 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Ell\UI_RES.dll - ok
    16:02:58.0736 3240 [ 6C13E1F69181003070DA7893F87C8F1E ] C:\Program Files (x86)\ControlCenter4\BrCcDevMan.dll
    16:02:58.0736 3240 C:\Program Files (x86)\ControlCenter4\BrCcDevMan.dll - ok
    16:02:58.0752 3240 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
    16:02:58.0752 3240 C:\Windows\SysWOW64\wsock32.dll - ok
    16:02:58.0767 3240 [ 22EA733F66A8504F9772EFA6C084EBE1 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Trk\UI_RES.dll
    16:02:58.0767 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Trk\UI_RES.dll - ok
    16:02:58.0783 3240 [ D5857104B6BDB7325FBC58F196505758 ] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
    16:02:58.0783 3240 C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll - ok
    16:02:58.0799 3240 [ 517EEF6693CEB66A26CCC5BE12EEA42D ] C:\Program Files (x86)\ControlCenter4\BrCcExtPg.dll
    16:02:58.0799 3240 C:\Program Files (x86)\ControlCenter4\BrCcExtPg.dll - ok
    16:02:58.0799 3240 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
    16:02:58.0799 3240 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
    16:02:59.0048 3240 [ E97295DE2A9FDE547FEAB4FE41DF16CA ] C:\Windows\SysWOW64\mspaint.exe
    16:02:59.0048 3240 C:\Windows\SysWOW64\mspaint.exe - ok
    16:02:59.0064 3240 [ 76DC9F4FE66BC3867615F142766B4C50 ] C:\Windows\System32\wmi.dll
    16:02:59.0064 3240 C:\Windows\System32\wmi.dll - ok
    16:02:59.0064 3240 [ 602F7A721C4E684CA16629CC4587FF9D ] C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE
    16:02:59.0064 3240 C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE - ok
    16:02:59.0157 3240 [ A8524F6C3AFF774911BCA26AB8322602 ] C:\Program Files\Microsoft Games\Hearts\Hearts.exe
    16:02:59.0157 3240 C:\Program Files\Microsoft Games\Hearts\Hearts.exe - ok
    16:02:59.0173 3240 [ BD4C1D83353BFB80F6BA019F6D0BA95B ] C:\Windows\ehome\ehshell.exe
    16:02:59.0173 3240 C:\Windows\ehome\ehshell.exe - ok
    16:02:59.0189 3240 [ 4E3C04F13286EA5F8119A4F65D4B535C ] C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll
    16:02:59.0189 3240 C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll - ok
    16:02:59.0189 3240 [ 14C6A59904D397C6D85DADA9ACBB6FAB ] C:\Windows\System32\browcli.dll
    16:02:59.0189 3240 C:\Windows\System32\browcli.dll - ok
    16:02:59.0204 3240 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] C:\Program Files (x86)\Browny02\BrYNSvc.exe
    16:02:59.0204 3240 C:\Program Files (x86)\Browny02\BrYNSvc.exe - ok
    16:02:59.0220 3240 [ 8853F3C50E095BBD883965575B874BC6 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Hun\UI_RES.dll
    16:02:59.0220 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Hun\UI_RES.dll - ok
    16:02:59.0235 3240 [ 458F4590F80563EB2A0A72709BFC2BD9 ] C:\Windows\System32\mspaint.exe
    16:02:59.0235 3240 C:\Windows\System32\mspaint.exe - ok
    16:02:59.0235 3240 [ 28142AAF1565736CE0E5D7EFCE3CC0F8 ] C:\Windows\System32\schedcli.dll
    16:02:59.0235 3240 C:\Windows\System32\schedcli.dll - ok
    16:02:59.0251 3240 [ FF205D7513D3861ECE4F64F6FF39E154 ] C:\Program Files (x86)\Nuance\PaperPort\PPMetaDataServer.dll
    16:02:59.0251 3240 C:\Program Files (x86)\Nuance\PaperPort\PPMetaDataServer.dll - ok
    16:02:59.0267 3240 [ CA9D9556CE57B2E42F194CA04B2B8D4D ] C:\Program Files (x86)\Nuance\PaperPort\maxkernl.dll
    16:02:59.0267 3240 C:\Program Files (x86)\Nuance\PaperPort\maxkernl.dll - ok
    16:02:59.0282 3240 [ 41B84C208D5E04DD8537562BC7E9CBC6 ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Kor\UI_RES.dll
    16:02:59.0282 3240 C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Kor\UI_RES.dll - ok
    16:02:59.0282 3240 [ 9CB27AE21BF0553BF20F571DD9E2C3A0 ] C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    16:02:59.0282 3240 C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe - ok
    16:02:59.0313 3240 [ 48A9597CEAF588C5A8E81DC2C3D1E93E ] C:\Program Files (x86)\Nuance\PaperPort\maxcodec.dll
    16:02:59.0313 3240 C:\Program Files (x86)\Nuance\PaperPort\maxcodec.dll - ok
    16:02:59.0313 3240 [ 6C8C001EF62CEFA7E333AF8D0AAED564 ] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    16:02:59.0313 3240 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE - ok
    16:02:59.0329 3240 [ 740CB28D15A6877DC25F6784685731DC ] C:\Program Files (x86)\Nuance\PaperPort\maxrast.dll
    16:02:59.0329 3240 C:\Program Files (x86)\Nuance\PaperPort\maxrast.dll - ok
    16:02:59.0345 3240 [ 8B0A56C93B519426793DDA8FA408D087 ] C:\Program Files (x86)\Browny02\BrMonitor.dll
    16:02:59.0345 3240 C:\Program Files (x86)\Browny02\BrMonitor.dll - ok
    16:02:59.0345 3240 [ 82E53EC685889AD8CFB3AD812A906489 ] C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
    16:02:59.0345 3240 C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe - ok
    16:02:59.0360 3240 [ 9BF014C20F91D97055532F2F5496E7BD ] C:\Program Files\Windows Media Player\wmpnetwk.exe
    16:02:59.0360 3240 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
    16:02:59.0376 3240 [ 3C56D12CA6DC42D287581F6C2139A9D8 ] C:\Program Files (x86)\Nuance\PaperPort\PDFUtil.dll
    16:02:59.0376 3240 C:\Program Files (x86)\Nuance\PaperPort\PDFUtil.dll - ok
    16:02:59.0391 3240 [ 59B7280D73906B43B13B273A1F9CC3DD ] C:\Windows\SysWOW64\xpsrchvw.exe
    16:02:59.0391 3240 C:\Windows\SysWOW64\xpsrchvw.exe - ok
    16:02:59.0391 3240 [ BB50B21FEE2A6F3E5FC92B330ECCF050 ] C:\Windows\SysWOW64\hhctrl.ocx
    16:02:59.0391 3240 C:\Windows\SysWOW64\hhctrl.ocx - ok
    16:02:59.0407 3240 [ 4207008CCDB46CDE0ACC5F83C7F99128 ] C:\Program Files (x86)\Nuance\PaperPort\FeatureSwitch.dll
    16:02:59.0407 3240 C:\Program Files (x86)\Nuance\PaperPort\FeatureSwitch.dll - ok
    16:02:59.0423 3240 [ 051E4826948B0BF1DA66394CE22F1B11 ] C:\Program Files (x86)\Nuance\PaperPort\PasswDB.dll
    16:02:59.0423 3240 C:\Program Files (x86)\Nuance\PaperPort\PasswDB.dll - ok
    16:02:59.0423 3240 [ 5BACFD51D926774C8DD8028BEC9B4374 ] C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
    16:02:59.0423 3240 C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe - ok
    16:02:59.0438 3240 [ 46A6BA9274D075A2C30025C4E96D875A ] C:\Windows\SysWOW64\msvcp60.dll
    16:02:59.0438 3240 C:\Windows\SysWOW64\msvcp60.dll - ok
    16:02:59.0454 3240 [ 8AFF4056BA8DA00DB4A510AAB73EC87A ] C:\Program Files (x86)\Nuance\PaperPort\xdocparse.dll
    16:02:59.0454 3240 C:\Program Files (x86)\Nuance\PaperPort\xdocparse.dll - ok
    16:02:59.0469 3240 [ 7E2CF680C69680064D43F4FFE5831DD1 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    16:02:59.0469 3240 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - ok
    16:02:59.0485 3240 [ B907641B954B7C8C7F81EA8679314BFD ] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
    16:02:59.0485 3240 C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll - ok
    16:02:59.0485 3240 [ 53534F0BC0BEFFD60FC13864B3034984 ] C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    16:02:59.0485 3240 C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe - ok
    16:02:59.0501 3240 [ 10E4A1D2132CCB5C6759F038CDB6F3C9 ] C:\Windows\System32\calc.exe
    16:02:59.0501 3240 C:\Windows\System32\calc.exe - ok
    16:02:59.0516 3240 [ 74C76BB54B26CE50C4BC755F92687C63 ] C:\Windows\SysWOW64\mfc42.dll
    16:02:59.0516 3240 C:\Windows\SysWOW64\mfc42.dll - ok
    16:02:59.0516 3240 [ D378BFFB70923139D6A4F546864AA61C ] C:\Windows\SysWOW64\notepad.exe
    16:02:59.0516 3240 C:\Windows\SysWOW64\notepad.exe - ok
    16:02:59.0532 3240 [ 07DD9DCD1CC2840751A1F8772F3C0195 ] C:\Program Files\Microsoft Games\Chess\Chess.exe
    16:02:59.0532 3240 C:\Program Files\Microsoft Games\Chess\Chess.exe - ok
    16:02:59.0547 3240 [ D1F65F76FA03619706C43CBEF9C1EEC3 ] C:\PROGRA~2\INTERN~1\iexplore.exe
    16:02:59.0547 3240 C:\PROGRA~2\INTERN~1\iexplore.exe - ok
    16:02:59.0563 3240 [ A23D1D59160B59D29006117EE0722EC2 ] C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
    16:02:59.0563 3240 C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE - ok
    16:02:59.0579 3240 [ 5764C381949147EBCFB9A7134E2ABF06 ] C:\Windows\SysWOW64\odbc32.dll
    16:02:59.0579 3240 C:\Windows\SysWOW64\odbc32.dll - ok
    16:02:59.0579 3240 [ 050D1C454A49D4DF8EB5222D352B6630 ] C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    16:02:59.0579 3240 C:\Program Files (x86)\Mozilla Firefox\firefox.exe - ok
    16:02:59.0594 3240 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll
    16:02:59.0594 3240 C:\Windows\SysWOW64\odbcint.dll - ok
    16:02:59.0610 3240 [ 39BFD86634004B7C0D3FD81D2CBB8F92 ] C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    16:02:59.0610 3240 C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe - ok
    16:02:59.0625 3240 [ 302B93586DFA480545C320EBA5BA6572 ] C:\Windows\System32\wmdrmdev.dll
    16:02:59.0625 3240 C:\Windows\System32\wmdrmdev.dll - ok
    16:02:59.0625 3240 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
    16:02:59.0625 3240 C:\Windows\System32\drmv2clt.dll - ok
    16:02:59.0641 3240 [ 484ACF6AF85A29AC52F3CF054DFDE9D3 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    16:02:59.0641 3240 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - ok
    16:02:59.0657 3240 [ F2C7BB8ACC97F92E987A2D4087D021B1 ] C:\Windows\System32\notepad.exe
    16:02:59.0657 3240 C:\Windows\System32\notepad.exe - ok
    16:02:59.0672 3240 [ 3DEBA83ECDAF6ED2E72430D238803117 ] C:\Windows\System32\wmp.dll
    16:02:59.0672 3240 C:\Windows\System32\wmp.dll - ok
    16:02:59.0672 3240 [ 77C344EE478BB4329D16A6DCDF1CE087 ] C:\Program Files (x86)\Browny02\BroSNMP.dll
    16:02:59.0672 3240 C:\Program Files (x86)\Browny02\BroSNMP.dll - ok
    16:02:59.0688 3240 [ DA6549A4B2350B65F7C853C7E691F2EB ] C:\Program Files (x86)\Microsoft Works\wksss.exe
    16:02:59.0688 3240 C:\Program Files (x86)\Microsoft Works\wksss.exe - ok
    16:02:59.0703 3240 [ 85EA5C1262CF39BA63E54DB029DA6E63 ] C:\Windows\System32\cleanmgr.exe
    16:02:59.0703 3240 C:\Windows\System32\cleanmgr.exe - ok
    16:02:59.0703 3240 [ D7D7EB64B7DE14A783329805E5AC0031 ] C:\Windows\System32\webcheck.dll
    16:02:59.0703 3240 C:\Windows\System32\webcheck.dll - ok
    16:02:59.0719 3240 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
    16:02:59.0719 3240 C:\Windows\System32\mlang.dll - ok
    16:02:59.0735 3240 [ E6F66F31422C44EDC00D9C9329E7DF60 ] C:\Windows\System32\SyncCenter.dll
    16:02:59.0735 3240 C:\Windows\System32\SyncCenter.dll - ok
    16:02:59.0750 3240 [ 8B886A0AC14EAA8599142887991A5A2E ] C:\Windows\System32\imapi2.dll
    16:02:59.0750 3240 C:\Windows\System32\imapi2.dll - ok
    16:02:59.0750 3240 [ F0AAB2A76A7AF04C70A818E96BAF3E64 ] C:\Windows\System32\hgcpl.dll
    16:02:59.0750 3240 C:\Windows\System32\hgcpl.dll - ok
    16:02:59.0766 3240 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
    16:02:59.0766 3240 C:\Windows\System32\fdPHost.dll - ok
    16:02:59.0781 3240 [ 550BF4ACD6FC3F41DC5A83EF31B9F9B4 ] C:\Windows\System32\wmploc.DLL
    16:02:59.0781 3240 C:\Windows\System32\wmploc.DLL - ok
    16:02:59.0781 3240 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
    16:02:59.0781 3240 C:\Windows\System32\fdWSD.dll - ok
    16:02:59.0797 3240 [ BDDCD13F341CBA21775FF66A5C27F59E ] C:\Windows\System32\SearchProtocolHost.exe
    16:02:59.0797 3240 C:\Windows\System32\SearchProtocolHost.exe - ok
    16:02:59.0813 3240 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
    16:02:59.0813 3240 C:\Windows\System32\fdSSDP.dll - ok
    16:02:59.0828 3240 [ DB8BF64BE3932ADC407505D21C4F2C2C ] C:\Windows\System32\fdProxy.dll
    16:02:59.0828 3240 C:\Windows\System32\fdProxy.dll - ok
    16:02:59.0844 3240 [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll
    16:02:59.0844 3240 C:\Windows\System32\P2P.dll - ok
    16:02:59.0859 3240 [ 046B2673767CA626E2CFB7FDF735E9E8 ] C:\Windows\System32\ListSvc.dll
    16:02:59.0859 3240 C:\Windows\System32\ListSvc.dll - ok
    16:02:59.0859 3240 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
    16:02:59.0859 3240 C:\Windows\System32\p2pcollab.dll - ok
    16:02:59.0875 3240 [ 649ED39CA880B4CC5602D80931FF8817 ] C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll
    16:02:59.0875 3240 C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll - ok
    16:02:59.0891 3240 [ DFDA0510BEE347942E297D61CECB64F1 ] C:\Program Files\Internet Explorer\ieproxy.dll
    16:02:59.0891 3240 C:\Program Files\Internet Explorer\ieproxy.dll - ok
    16:02:59.0891 3240 [ BA502FE020F2B4880D7130480ECDDCAF ] C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
    16:02:59.0891 3240 C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE - ok
    16:02:59.0906 3240 [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll
    16:02:59.0906 3240 C:\Windows\System32\IdListen.dll - ok
    16:02:59.0922 3240 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
    16:02:59.0922 3240 C:\Windows\System32\msshooks.dll - ok
    16:02:59.0922 3240 [ B9C7F88D85369548A69F2EDD1A40441E ] C:\Windows\System32\hgprint.dll
    16:02:59.0937 3240 C:\Windows\System32\hgprint.dll - ok
    16:02:59.0937 3240 [ F024058C391B99397EC3CCF6F77B7189 ] C:\Windows\System32\SearchFilterHost.exe
    16:02:59.0937 3240 C:\Windows\System32\SearchFilterHost.exe - ok
    16:02:59.0953 3240 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
    16:02:59.0953 3240 C:\Windows\System32\pnrpsvc.dll - ok
    16:02:59.0969 3240 [ 72AB6633E9B39EC7FEBEDF083A9061E5 ] C:\Windows\System32\mscoree.dll
    16:02:59.0969 3240 C:\Windows\System32\mscoree.dll - ok
    16:02:59.0969 3240 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
    16:02:59.0969 3240 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
    16:02:59.0984 3240 [ 336639C41A5DDC35A0A1FBFEA7E8A28D ] C:\Program Files (x86)\ControlCenter4\BrCcFaxRx.dll
    16:02:59.0984 3240 C:\Program Files (x86)\ControlCenter4\BrCcFaxRx.dll - ok
    16:03:00.0000 3240 [ 7CFD44EDD74553FC8EE8479A79987579 ] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    16:03:00.0000 3240 C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe - ok
    16:03:00.0031 3240 [ D2CB14499799E196CB034448BDD898DD ] C:\Windows\System32\SearchFolder.dll
    16:03:00.0031 3240 C:\Windows\System32\SearchFolder.dll - ok
    16:03:00.0031 3240 [ 0464F91951FF74105B13921AFCE40413 ] C:\Windows\System32\StructuredQuery.dll
    16:03:00.0031 3240 C:\Windows\System32\StructuredQuery.dll - ok
    16:03:00.0047 3240 [ 58FAE29A82984E817BBA70D0144E52ED ] C:\Windows\System32\mssph.dll
    16:03:00.0047 3240 C:\Windows\System32\mssph.dll - ok
    16:03:00.0062 3240 [ 4987E079A4530FA737A128BE54B63B12 ] C:\Windows\System32\QAGENTRT.DLL
    16:03:00.0062 3240 C:\Windows\System32\QAGENTRT.DLL - ok
    16:03:00.0062 3240 [ 2A556E2D703DED03186C596B90AC6869 ] C:\Windows\System32\mapi32.dll
    16:03:00.0078 3240 C:\Windows\System32\mapi32.dll - ok
    16:03:00.0078 3240 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
    16:03:00.0078 3240 C:\Windows\System32\fveui.dll - ok
    16:03:00.0093 3240 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
    16:03:00.0093 3240 C:\Windows\System32\p2psvc.dll - ok
    16:03:00.0109 3240 [ 3AEE02CEDAA3ACD14F9D7E038E44D6D1 ] C:\Windows\System32\P2PGraph.dll
    16:03:00.0109 3240 C:\Windows\System32\P2PGraph.dll - ok
    16:03:00.0125 3240 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
    16:03:00.0125 3240 C:\Windows\SysWOW64\msimg32.dll - ok
    16:03:00.0125 3240 [ 6AA7883986D3B351CB068919DAF2F309 ] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
    16:03:00.0125 3240 C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll - ok
    16:03:00.0140 3240 [ AECDBAC5FB4BA4829E498B7D394FC8F3 ] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
    16:03:00.0140 3240 C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll - ok
    16:03:01.0560 3240 ============================================================
    16:03:01.0560 3240 Scan finished
    16:03:01.0560 3240 ============================================================
    16:03:01.0591 2960 Detected object count: 4
    16:03:01.0591 2960 Actual detected object count: 4
    16:04:04.0101 2960 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
    16:04:04.0101 2960 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:04:04.0101 2960 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    16:04:04.0101 2960 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:04:10.0778 2960 \Device\Harddisk0\DR0\# - copied to quarantine
    16:04:11.0012 2960 \Device\Harddisk0\DR0 - copied to quarantine
    16:04:11.0839 2960 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    16:04:11.0839 2960 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    16:04:11.0855 2960 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    16:04:11.0901 2960 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    16:04:11.0901 2960 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    16:04:11.0917 2960 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    16:04:11.0917 2960 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    16:04:12.0011 2960 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    16:04:12.0026 2960 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    16:04:12.0042 2960 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    16:04:12.0042 2960 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    16:04:12.0042 2960 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    16:04:12.0104 2960 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    16:04:12.0853 2960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    16:04:12.0915 2960 \Device\Harddisk0\DR0 - ok
    16:04:16.0925 2960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    16:04:16.0925 2960 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    16:04:16.0925 2960 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    16:05:02.0149 3176 Deinitialize success
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    That log is correct, ok continue:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  7. batsinthedark

    batsinthedark Thread Starter

    Joined:
    Jun 4, 2012
    Messages:
    16
    It took a while, but here is the ComboFix log. It didn't ask me to reboot, is that a good thing?

    ComboFix 13-02-18.02 - miranda 02/19/2013 16:54:54.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.608 [GMT -5:00]
    Running from: c:\users\miranda\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\896B.tmp
    c:\programdata\Microsoft\Windows\DRM\89BA.tmp
    c:\programdata\Microsoft\Windows\DRM\ABFD.tmp
    c:\programdata\Microsoft\Windows\DRM\AC2D.tmp
    c:\users\miranda\AppData\Roaming\Microsoft\Windows\Recent\Cracked.com - America's Only Humor Site Cracked.url
    c:\windows\svchost.exe
    c:\windows\SysWow64\tmp6289.tmp
    c:\windows\SysWow64\tmp628A.tmp
    c:\windows\SysWow64\tmp801A.tmp
    c:\windows\SysWow64\tmp802B.tmp
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-19 to 2013-02-19 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-19 22:22 . 2013-02-19 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-19 21:04 . 2013-02-19 21:04 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-15 20:31 . 2013-01-04 03:22 3150848 ----a-w- c:\windows\system32\win32k.sys
    2013-02-15 20:31 . 2012-12-26 05:57 1111040 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-15 20:31 . 2012-12-26 04:51 760320 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-15 20:27 . 2013-01-04 05:30 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2013-02-11 23:24 . 2013-02-11 23:24 -------- d-----w- c:\users\miranda\AppData\Roaming\eGames
    2013-02-11 23:20 . 2013-02-12 21:02 -------- d-----w- c:\program files (x86)\eGames
    2013-02-11 20:08 . 2013-02-11 20:08 -------- d-----w- c:\users\miranda\AppData\Roaming\Zeon
    2013-02-10 00:23 . 2013-02-10 17:31 -------- d-----w- c:\users\miranda\AppData\Roaming\Orneon
    2013-02-08 17:54 . 2013-02-19 18:57 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-02-04 05:18 . 2013-02-04 06:10 -------- d-----w- c:\users\miranda\AppData\Roaming\Hidden Objects TimeMachine
    2013-02-03 03:10 . 2013-02-03 03:32 -------- d-----w- c:\users\miranda\AppData\Roaming\Hidden Objects JekyllAndHyde
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-15 21:20 . 2010-10-23 00:16 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-18 17:36 . 2012-08-03 18:52 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-18 17:36 . 2012-04-20 13:47 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-04 04:43 . 2013-02-15 20:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 16:52 . 2012-12-22 06:13 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2012-12-22 06:13 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2012-12-22 06:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2012-12-22 06:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 05:41 . 2013-01-09 19:40 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 05:35 . 2013-01-09 19:40 2745856 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 05:04 . 2013-01-09 19:40 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 04:57 . 2013-01-09 19:40 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 03:45 . 2013-01-09 19:40 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 03:45 . 2013-01-09 19:40 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 03:45 . 2013-01-09 19:40 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 03:45 . 2013-01-09 19:40 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 03:45 . 2013-01-09 19:40 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 03:45 . 2013-01-09 19:40 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 03:45 . 2013-01-09 19:40 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 03:45 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 03:45 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 03:45 . 2013-01-09 19:40 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 03:45 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 03:45 . 2013-01-09 19:40 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 03:45 . 2013-01-09 19:40 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 03:45 . 2013-01-09 19:40 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 03:21 . 2013-01-09 19:40 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 03:21 . 2013-01-09 19:40 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 03:21 . 2013-01-09 19:40 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 03:21 . 2013-01-09 19:40 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 03:21 . 2013-01-09 19:40 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 03:21 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 03:21 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 03:21 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 03:21 . 2013-01-09 19:40 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 03:21 . 2013-01-09 19:40 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 03:21 . 2013-01-09 19:40 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-12-07 03:21 . 2013-01-09 19:40 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 03:21 . 2013-01-09 19:40 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 03:21 . 2013-01-09 19:40 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-11-22 10:32 . 2013-01-09 19:32 801280 ----a-w- c:\windows\system32\usp10.dll
    2012-11-22 09:33 . 2013-01-09 19:32 627712 ----a-w- c:\windows\SysWow64\usp10.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
    "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
    "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
    "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-05-13 24576]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 94864]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
    R3 PTDLBus;PANTECH UM175AL Composite Device Driver;c:\windows\system32\DRIVERS\PTDLBus.sys [2008-07-20 66304]
    R3 PTDLMdm;PANTECH UM175AL Drivers;c:\windows\system32\DRIVERS\PTDLMdm.sys [2008-07-20 70784]
    R3 PTDLVsp;PANTECH UM175AL Diagnostic Port;c:\windows\system32\DRIVERS\PTDLVsp.sys [2008-07-20 66688]
    R3 PTDLWWAN;PANTECH UM175AL WWAN Driver;c:\windows\system32\DRIVERS\PTDLWWAN.sys [2008-07-20 84480]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 75032]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 283360]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-12-04 103472]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 149032]
    S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 62800]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 441328]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 01652939
    *NewlyCreated* - 23217000
    *Deregistered* - 01652939
    *Deregistered* - 23217000
    *Deregistered* - mfeavfk01
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
    "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27361209f745l03g4z195t48j2x22p
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27361209f745l03g4z195t48j2x22p
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\miranda\AppData\Roaming\Mozilla\Firefox\Profiles\78kkjby0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - ExtSQL: 2013-02-08 12:54; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{5a64f979-2f93-4707-884b-1003bdf91fe4} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
    SafeBoot-10571971.sys
    SafeBoot-23217000.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    WebBrowser-{5A64F979-2F93-4707-884B-1003BDF91FE4} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3372708056-3682032382-1957565333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3372708056-3682032382-1957565333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3372708056-3682032382-1957565333-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9e,1e,26,6c,29,d3,82,7d,bd,af,a2,52,e8,d3,e3,1b,e8,e8,5f,b1,44,0c,e2,
    06,58,7c,bf,0d,a3,9a,51,f4,86,41,10,be,4c,46,e9,b2,16,0c,8a,41,9f,33,05,72,\
    "??"=hex:4a,ce,6b,08,02,11,9c,c4,21,f9,55,89,42,85,26,f7
    .
    [HKEY_USERS\S-1-5-21-3372708056-3682032382-1957565333-1001\Software\SecuROM\License information*]
    "datasecu"=hex:fb,e9,bd,19,7b,ac,13,f7,3e,5a,2c,58,c2,82,d1,1e,77,dd,5d,22,c5,
    5a,c5,37,d6,c4,5b,1a,48,42,78,d5,fa,12,67,39,6b,03,08,c0,6c,4a,fe,4d,0d,ad,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-19 17:29:29
    ComboFix-quarantined-files.txt 2013-02-19 22:29
    .
    Pre-Run: 50,082,623,488 bytes free
    Post-Run: 53,674,954,752 bytes free
    .
    - - End Of File - - 91B0776765813434577E6DB34C7831F6
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    OK, continue with the following:

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real-time scanner of any existing antivirus program while performing the online scan
    • Click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • Wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    If no threats were found

    • Put a checkmark in "Uninstall application on close"
    • Close program
    • Report to me that nothing was found
    If threats were found

    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close program
    • Copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those three logs, also let me know if there are any remaining issues or concerns....

    Kevin
     
  9. batsinthedark

    batsinthedark Thread Starter

    Joined:
    Jun 4, 2012
    Messages:
    16
    Okay, here are the three logs.

    ComboFix 13-02-18.02 - miranda 02/19/2013 18:11:16.2.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.861 [GMT -5:00]
    Running from: c:\users\miranda\Desktop\ComboFix.exe
    Command switches used :: c:\users\miranda\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\miranda\AppData\Roaming\Roaming
    c:\users\miranda\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-19 to 2013-02-19 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-19 23:27 . 2013-02-19 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-19 21:04 . 2013-02-19 21:04 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-15 20:31 . 2013-01-04 03:22 3150848 ----a-w- c:\windows\system32\win32k.sys
    2013-02-15 20:31 . 2012-12-26 05:57 1111040 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-15 20:31 . 2012-12-26 04:51 760320 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-15 20:27 . 2013-01-04 05:30 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2013-02-11 23:24 . 2013-02-11 23:24 -------- d-----w- c:\users\miranda\AppData\Roaming\eGames
    2013-02-11 23:20 . 2013-02-12 21:02 -------- d-----w- c:\program files (x86)\eGames
    2013-02-11 20:08 . 2013-02-11 20:08 -------- d-----w- c:\users\miranda\AppData\Roaming\Zeon
    2013-02-10 00:23 . 2013-02-10 17:31 -------- d-----w- c:\users\miranda\AppData\Roaming\Orneon
    2013-02-08 17:54 . 2013-02-19 18:57 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-02-04 05:18 . 2013-02-04 06:10 -------- d-----w- c:\users\miranda\AppData\Roaming\Hidden Objects TimeMachine
    2013-02-03 03:10 . 2013-02-03 03:32 -------- d-----w- c:\users\miranda\AppData\Roaming\Hidden Objects JekyllAndHyde
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-15 21:20 . 2010-10-23 00:16 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-18 17:36 . 2012-08-03 18:52 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-18 17:36 . 2012-04-20 13:47 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-04 04:43 . 2013-02-15 20:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 16:52 . 2012-12-22 06:13 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2012-12-22 06:13 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2012-12-22 06:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2012-12-22 06:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 05:41 . 2013-01-09 19:40 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 05:35 . 2013-01-09 19:40 2745856 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 05:04 . 2013-01-09 19:40 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 04:57 . 2013-01-09 19:40 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 03:45 . 2013-01-09 19:40 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 03:45 . 2013-01-09 19:40 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 03:45 . 2013-01-09 19:40 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 03:45 . 2013-01-09 19:40 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 03:45 . 2013-01-09 19:40 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 03:45 . 2013-01-09 19:40 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 03:45 . 2013-01-09 19:40 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 03:45 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 03:45 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 03:45 . 2013-01-09 19:40 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 03:45 . 2013-01-09 19:40 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 03:45 . 2013-01-09 19:40 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 03:45 . 2013-01-09 19:40 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 03:45 . 2013-01-09 19:40 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 03:21 . 2013-01-09 19:40 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 03:21 . 2013-01-09 19:40 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 03:21 . 2013-01-09 19:40 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 03:21 . 2013-01-09 19:40 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 03:21 . 2013-01-09 19:40 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 03:21 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 03:21 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 03:21 . 2013-01-09 19:40 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 03:21 . 2013-01-09 19:40 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 03:21 . 2013-01-09 19:40 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 03:21 . 2013-01-09 19:40 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-12-07 03:21 . 2013-01-09 19:40 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 03:21 . 2013-01-09 19:40 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 03:21 . 2013-01-09 19:40 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-11-22 10:32 . 2013-01-09 19:32 801280 ----a-w- c:\windows\system32\usp10.dll
    2012-11-22 09:33 . 2013-01-09 19:32 627712 ----a-w- c:\windows\SysWow64\usp10.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
    "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
    "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
    "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-05-13 24576]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 94864]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
    R3 PTDLBus;PANTECH UM175AL Composite Device Driver;c:\windows\system32\DRIVERS\PTDLBus.sys [2008-07-20 66304]
    R3 PTDLMdm;PANTECH UM175AL Drivers;c:\windows\system32\DRIVERS\PTDLMdm.sys [2008-07-20 70784]
    R3 PTDLVsp;PANTECH UM175AL Diagnostic Port;c:\windows\system32\DRIVERS\PTDLVsp.sys [2008-07-20 66688]
    R3 PTDLWWAN;PANTECH UM175AL WWAN Driver;c:\windows\system32\DRIVERS\PTDLWWAN.sys [2008-07-20 84480]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 75032]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 283360]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-12-04 103472]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 149032]
    S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 62800]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 441328]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 01652939
    *NewlyCreated* - 23217000
    *Deregistered* - 01652939
    *Deregistered* - 23217000
    *Deregistered* - mfeavfk01
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
    "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27361209f745l03g4z195t48j2x22p
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27361209f745l03g4z195t48j2x22p
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\miranda\AppData\Roaming\Mozilla\Firefox\Profiles\78kkjby0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - ExtSQL: 2013-02-08 12:54; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3372708056-3682032382-1957565333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3372708056-3682032382-1957565333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3372708056-3682032382-1957565333-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9e,1e,26,6c,29,d3,82,7d,bd,af,a2,52,e8,d3,e3,1b,e8,e8,5f,b1,44,0c,e2,
    06,58,7c,bf,0d,a3,9a,51,f4,86,41,10,be,4c,46,e9,b2,16,0c,8a,41,9f,33,05,72,\
    "??"=hex:4a,ce,6b,08,02,11,9c,c4,21,f9,55,89,42,85,26,f7
    .
    [HKEY_USERS\S-1-5-21-3372708056-3682032382-1957565333-1001\Software\SecuROM\License information*]
    "datasecu"=hex:fb,e9,bd,19,7b,ac,13,f7,3e,5a,2c,58,c2,82,d1,1e,77,dd,5d,22,c5,
    5a,c5,37,d6,c4,5b,1a,48,42,78,d5,fa,12,67,39,6b,03,08,c0,6c,4a,fe,4d,0d,ad,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-19 18:33:14
    ComboFix-quarantined-files.txt 2013-02-19 23:33
    ComboFix2.txt 2013-02-19 22:29
    .
    Pre-Run: 53,777,113,088 bytes free
    Post-Run: 53,480,177,664 bytes free
    .
    - - End Of File - - 8A881BE350A1811390DAE7807D679965

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\896B.tmp.vir Win64/Olmarik.AO trojan
    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\89BA.tmp.vir Win64/Olmarik.AO trojan
    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\ABFD.tmp.vir Win64/Olmarik.AO trojan
    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\AC2D.tmp.vir Win64/Olmarik.AO trojan
    C:\TDSSKiller_Quarantine\19.02.2013_15.57.04\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan
    C:\TDSSKiller_Quarantine\19.02.2013_15.57.04\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan
    C:\TDSSKiller_Quarantine\19.02.2013_15.57.04\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
    C:\TDSSKiller_Quarantine\19.02.2013_15.57.04\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
    C:\TDSSKiller_Quarantine\19.02.2013_15.57.04\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan

    Results of screen317's Security Check version 0.99.58
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 10.1.1 Adobe Reader out of Date!
    Mozilla Firefox (19.0)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Thanks for reply, ESET only shows entries that are already safe so can be left for now. OK do this please:

    Adobe Reader is outdated...
    Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

    Step 1 - Select your Operating System.
    Step 2 - Select your Language.
    Step 3 - Select latest version.

    Untick the option for McAfee security scanner if offered.

    Download and install.

    Having the latest updates ensures there are no security vulnerabilities in your system.

    Next,

    Go here www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.
    There may be an offer of Google Chrome etc, untick those options if offered...

    Next,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    ***Note: Check in Start > Control Panel > Uninstall a Program, ensure old versions of Java are removed...

    Next,

    Your system does not have Service Pack 1 (SP1). Go here http://windows.microsoft.com/installwindows7sp1 and follow instructions.

    Let me know if those steps complete OK, also tell me if any issues or concerns remain. If system is now good we can clean up/remove tools etc..

    Thank you,

    Kevin
     
  11. batsinthedark

    batsinthedark Thread Starter

    Joined:
    Jun 4, 2012
    Messages:
    16
    Okay, I got everything updated. I was able to get the Service Pack through Windows Update; I think it was one of the updates that wouldn't go through because of that malware error. The other update installed last night when I shut down my computer. I haven't had any issues since you helped me get everything fixed.
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    OK, continue as follows:

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Next,

    Remove ESET online scanner (Only If installed):

    • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
    • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

    Next,

    Delete Security Checks from your Desktop, plus any logs. Then navigate to the following and delete the files:

    Start > Computer > C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
    Start > Computer > C:\TDSSKiller_Quarantine

    Next,

    • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
    • Double click the OTC icon to start the program.
      If you are using Vista or Windows 7 accept UAC
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself.

    Any tools/logs remaining on the Desktop can be deleted.

    Let me know if those steps complete OK, also if there are any remaining issues or concerns....

    Kevin
     
  13. batsinthedark

    batsinthedark Thread Starter

    Joined:
    Jun 4, 2012
    Messages:
    16
    Everything went smoothly, all the tools have been deleted.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    That is good to hear, if all is now OK here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained here http://www.winpatrol.com/features.html

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)
    If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    FireFox http://www.mozilla.com/en-US/,

    Opera http://www.opera.com/, and

    Chrome http://www.google.com/chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:
    http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD's.

    Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    If we are finished hit the "Mark Solved" tab at the top of the thread...

    Take care,

    Kevin.....:)
     
  15. batsinthedark

    batsinthedark Thread Starter

    Joined:
    Jun 4, 2012
    Messages:
    16
    Thank you so much for your help, O Great Wise One. :)
     

Short URL to this thread: https://techguy.org/1090218
