Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

aspire running windows 7 won't connect to internet or open various

Started by honeybear2002 , Mar 05 2013 08:57 PM

  • Please log in to reply

#1
honeybear2002
Posted 05 March 2013 - 08:57 PM

honeybear2002

    Member

  • Member
  • PipPip
  • 15 posts
My uncle asked me to look at his computer for him because he cannot connect to the internet. He has an Aspire 7250-3821 running 64bit Windows 7. I cannot get it to connect to my wireless network at home, and he is unable to connect to his earthlink service. Control panel won't open, system info won't open, along with various other programs/folders. I downloaded ccleaner, avast, online armor, spyware blaster, spyware guard and OTL - I ran Ccleaner's regular cleaner, file cleaner, and registry cleaner. From looking at his internet history and temp files, he has been on tons of porn sites, which is where I believe he picked up all this junk. Anyway, below is my OTL report. What are the steps I should take next? Thank you in advance! Your help is much appreciated!

OTL logfile created on: 3/5/2013 9:08:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gary\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.73 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.57% Memory free
7.46 Gb Paging File | 5.75 Gb Available in Paging File | 77.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 406.07 Gb Free Space | 90.10% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.32 Gb Free Space | 98.27% Space Free | Partition Type: FAT32

Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/05 21:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
PRC - [2013/02/28 00:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 00:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/30 17:31:38 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/02/29 05:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/01/05 13:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 13:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/10/28 14:04:56 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/10/28 14:04:54 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/10/27 10:02:12 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/06/30 18:51:12 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 18:51:12 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/06/30 18:51:10 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/06/30 18:51:10 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/30 17:31:38 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
MOD - [2012/11/12 21:52:32 | 004,775,040 | ---- | M] () -- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/01/05 13:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011/10/28 14:04:54 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/10/28 14:04:54 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/28 00:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/02/22 12:48:32 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/02/22 12:21:42 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/02/22 12:21:16 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/02/07 16:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/10/18 16:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2011/05/24 07:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/28 11:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Start_Pending] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Start_Pending] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/08/18 13:20:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/04/22 09:15:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/29 05:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/01/05 13:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/06/30 18:51:10 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 11:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/28 00:36:34 | 000,177,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/02/28 00:36:34 | 000,068,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/02/28 00:36:33 | 001,025,880 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/02/28 00:36:33 | 000,377,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/02/28 00:36:33 | 000,071,064 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/02/28 00:36:33 | 000,065,408 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/02/28 00:36:32 | 000,080,888 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/02/28 00:36:31 | 000,033,472 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/02 15:02:34 | 000,035,376 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2012/03/22 14:28:35 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/03/22 14:28:35 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/03/22 14:28:35 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 11:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 11:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 11:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 11:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 11:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 11:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 11:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 11:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/06 22:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012/02/06 22:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/07/13 21:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 21:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/01 19:37:32 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/24 08:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/24 06:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/29 22:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/27 19:44:46 | 001,417,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/22 18:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/12/01 00:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/28 12:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/10/02 15:03:04 | 000,062,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2012/10/02 15:02:34 | 000,040,520 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/02 15:02:32 | 000,061,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/28 15:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/04/22 08:54:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120322154422.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\OAui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c918c222-8c9b-11e1-9908-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c918c222-8c9b-11e1-9908-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/05 21:05:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2013/03/05 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\OnlineArmor
[2013/03/05 20:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2013/03/05 20:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2013/03/05 20:49:16 | 000,040,520 | ---- | C] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2013/03/05 20:49:16 | 000,035,376 | ---- | C] (Emsisoft) -- C:\Windows\SysNative\drivers\OAnet.sys
[2013/03/05 20:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Online Armor
[2013/03/05 20:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/05 20:14:58 | 000,377,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/05 20:14:58 | 000,033,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/05 20:14:54 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/05 20:14:53 | 000,068,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/05 20:14:52 | 001,025,880 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/05 20:14:41 | 000,080,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/05 20:14:40 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/03/05 20:13:55 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/05 20:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/05 20:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/05 20:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2013/03/05 20:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareGuard
[2013/03/05 19:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/03/05 19:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/03/05 19:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/03/05 19:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/05 19:37:47 | 030,185,256 | ---- | C] (Emsisoft GmbH ) -- C:\Users\Gary\Desktop\OnlineArmorSetup.exe
[2013/03/05 19:30:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/17 10:35:42 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\PowerCinema

========== Files - Modified Within 30 Days ==========

[2013/03/05 21:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2013/03/05 20:59:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/05 20:14:59 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/05 20:14:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/05 20:07:40 | 000,000,987 | ---- | M] () -- C:\Users\Gary\Desktop\SpywareGuard LiveUpdate.lnk
[2013/03/05 20:07:39 | 000,000,991 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2013/03/05 19:59:53 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/05 19:59:12 | 000,004,032 | ---- | M] () -- C:\Users\Gary\Documents\cc_20130305_195906.reg
[2013/03/05 19:39:54 | 030,185,256 | ---- | M] (Emsisoft GmbH ) -- C:\Users\Gary\Desktop\OnlineArmorSetup.exe
[2013/03/05 19:30:02 | 000,468,046 | ---- | M] () -- C:\Users\Gary\Documents\cc_20130305_192927.reg
[2013/03/05 19:24:09 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/05 19:24:09 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/05 19:23:02 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/05 19:23:02 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/05 19:23:02 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/05 19:01:18 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013/03/05 19:01:12 | 3002,519,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/28 00:36:34 | 000,177,672 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/02/28 00:36:34 | 000,068,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/28 00:36:33 | 001,025,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/28 00:36:33 | 000,377,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/28 00:36:33 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/28 00:36:33 | 000,065,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/02/28 00:36:32 | 000,080,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/28 00:36:31 | 000,033,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/28 00:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/28 00:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/03/05 20:49:16 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2013/03/05 20:49:15 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2013/03/05 20:14:59 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/05 20:14:50 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/05 20:14:47 | 000,065,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/05 20:14:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/03/05 20:07:40 | 000,000,987 | ---- | C] () -- C:\Users\Gary\Desktop\SpywareGuard LiveUpdate.lnk
[2013/03/05 20:07:39 | 000,000,991 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2013/03/05 19:59:53 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/05 19:59:08 | 000,004,032 | ---- | C] () -- C:\Users\Gary\Documents\cc_20130305_195906.reg
[2013/03/05 19:29:32 | 000,468,046 | ---- | C] () -- C:\Users\Gary\Documents\cc_20130305_192927.reg
[2012/08/18 13:21:04 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/22 09:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/22 13:59:02 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/03/22 13:58:02 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/29 16:08:20 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013/03/05 20:53:20 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\OnlineArmor
[2012/07/18 23:53:31 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\PopCapv1000
[2013/02/17 10:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\PowerCinema

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 06 March 2013 - 12:52 AM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Looks like it's the McAfee virus. ;)
You have Avast running so you need to uninstall McAfee (which has a firewall which is prone to breaking plus you never want more than one anti-virus running. They fight each other.)

Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
Uninstall McAfee, run the McAfee uninstall tool, reboot.


You also have Online Armor which is another firewall. I would uninstall it too until you get the internet back.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option     Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
hklm\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /rs 
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls" /s /c
hkcu\SOFTWARE\APPDATALOW /rs
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
honeybear2002
Posted 06 March 2013 - 12:18 PM

honeybear2002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
thank you so much for the quick reply!!! McAfee uninstalled and now it connects to my home network! yay! I have tried to run OTL numerous times now and each time it gets "stuck" and says the program is not responding and I have to force close it. When it sticks, the status bar on OTL says, "Scanning HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009\Help..." I have restarted the computer and tried again with the same result. I have tried to run OTL in safe mode with the same results as well. Below is the ADW Cleaner Log.

ADW CLEANER LOG

# AdwCleaner v2.114 - Logfile created 03/06/2013 at 08:22:27
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Gary - GARY-PC
# Boot Mode : Normal
# Running from : C:\Users\Gary\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Users\Gary\AppData\Local\Software

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [989 octets] - [06/03/2013 08:22:27]

########## EOF - C:\AdwCleaner[S1].txt - [1048 octets] ##########
  • 0

#4
honeybear2002
Posted 06 March 2013 - 12:19 PM

honeybear2002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
duplicate post - my high speed connection was hiccuping - please delete

Edited by honeybear2002, 06 March 2013 - 12:59 PM.

  • 0

#5
honeybear2002
Posted 06 March 2013 - 12:19 PM

honeybear2002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
triplicate post - plese remove

Edited by honeybear2002, 06 March 2013 - 01:00 PM.

  • 0

#6
RKinner
Posted 06 March 2013 - 01:15 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
So it was the McAfee virus!

Sorry about the OTL. There was some new code in the scan and it didn't work. Let's run some more scans to see if there is anything else:


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#7
honeybear2002
Posted 06 March 2013 - 04:27 PM

honeybear2002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Okay, I was able to do everything you requested with the exception of running the VEW.exe file - when I selected the specified options and click run, I get an error message that says "Run-time error 429: ActiveX component can't create object" and the only option is to click OK and close the program. Below are my logs. TDSS Killer did not request a re-boot, so I ran it one time, if it needs to be run again, please let me know. Thank you again for all of your help!!!

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-06 15:02:28
-----------------------------
15:02:28.547 OS Version: Windows x64 6.1.7601 Service Pack 1
15:02:28.547 Number of processors: 2 586 0x200
15:02:28.547 ComputerName: GARY-PC UserName: Gary
15:02:30.888 Initialize success
15:02:31.839 AVAST engine defs: 13030600
15:02:59.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:02:59.389 Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA60A Size: 476940MB BusType: 11
15:02:59.436 Disk 0 MBR read successfully
15:02:59.436 Disk 0 MBR scan
15:02:59.451 Disk 0 Windows 7 default MBR code
15:02:59.467 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:02:59.498 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:02:59.514 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461478 MB offset 31664128
15:02:59.529 Disk 0 scanning C:\Windows\system32\drivers
15:03:10.059 Service scanning
15:03:38.046 Modules scanning
15:03:39.918 AVAST engine scan C:\Windows
15:03:43.942 AVAST engine scan C:\Windows\system32
15:06:05.372 AVAST engine scan C:\Windows\system32\drivers
15:06:17.150 AVAST engine scan C:\Users\Gary
15:06:59.660 AVAST engine scan C:\ProgramData
15:08:10.360 Scan finished successfully
15:08:13.370 Disk 0 MBR has been saved successfully to "C:\Users\Gary\Desktop\MBR.dat"
15:08:13.386 The log file has been saved successfully to "C:\Users\Gary\Desktop\aswMBR.txt"


ComboFix 13-03-05.01 - Gary 03/06/2013 15:17:05.1.2 - x64
Running from: c:\users\Gary\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-02-06 to 2013-03-06 )))))))))))))))))))))))))))))))
.
.
2013-03-06 23:25 . 2013-03-06 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-06 21:10 . 2013-03-06 21:10 -------- d-----w- c:\users\Gary\AppData\Local\ElevatedDiagnostics
2013-03-06 16:26 . 2012-11-06 04:54 2205696 ----a-w- c:\windows\SysWow64\PrintConfig.dll
2013-03-06 04:14 . 2013-02-28 08:36 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 04:14 . 2013-02-28 08:36 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 04:14 . 2013-02-28 08:36 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 04:14 . 2013-02-28 08:36 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 04:14 . 2013-02-28 08:36 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 04:14 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 04:14 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 04:14 . 2013-02-28 08:36 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 04:14 . 2013-02-28 08:35 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-06 04:13 . 2013-02-28 08:36 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 04:13 . 2013-03-06 04:13 -------- d-----w- c:\program files\AVAST Software
2013-03-06 04:10 . 2013-03-06 04:13 -------- d-----w- c:\programdata\AVAST Software
2013-03-06 04:07 . 2013-03-06 04:15 -------- d-----w- c:\program files (x86)\SpywareGuard
2013-03-06 03:59 . 2013-03-06 03:59 -------- d-----w- c:\programdata\Licenses
2013-03-06 03:59 . 2011-11-04 13:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2013-03-06 03:59 . 2009-03-24 20:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-03-06 03:59 . 2013-03-06 03:59 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-03-06 03:58 . 2013-03-06 03:58 -------- d-----w- c:\program files\CCleaner
2013-02-17 18:35 . 2013-02-17 18:35 -------- d-----w- c:\users\Gary\AppData\Roaming\PowerCinema
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 17:11 . 2012-12-22 02:23 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:23 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:23 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:23 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-10-27 177448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files (x86)\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 871296]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2012-02-29 28264]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-22 21:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 71.252.0.12 71.242.0.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-06 15:28:56
ComboFix-quarantined-files.txt 2013-03-06 23:28
.
Pre-Run: 434,569,596,928 bytes free
Post-Run: 434,205,192,192 bytes free
.
- - End Of File - - 025C3A3CEFF1F9AE4CF4095A5AF2C289



TDSS Log

15:30:45.0140 3148 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:30:45.0218 3148 ============================================================
15:30:45.0218 3148 Current date / time: 2013/03/06 15:30:45.0218
15:30:45.0218 3148 SystemInfo:
15:30:45.0218 3148
15:30:45.0218 3148 OS Version: 6.1.7601 ServicePack: 1.0
15:30:45.0218 3148 Product type: Workstation
15:30:45.0218 3148 ComputerName: GARY-PC
15:30:45.0218 3148 UserName: Gary
15:30:45.0218 3148 Windows directory: C:\Windows
15:30:45.0218 3148 System windows directory: C:\Windows
15:30:45.0218 3148 Running under WOW64
15:30:45.0218 3148 Processor architecture: Intel x64
15:30:45.0218 3148 Number of processors: 2
15:30:45.0218 3148 Page size: 0x1000
15:30:45.0218 3148 Boot type: Normal boot
15:30:45.0218 3148 ============================================================
15:30:46.0747 3148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:30:46.0778 3148 Drive \Device\Harddisk1\DR2 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:30:46.0778 3148 ============================================================
15:30:46.0778 3148 \Device\Harddisk0\DR0:
15:30:46.0794 3148 MBR partitions:
15:30:46.0794 3148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
15:30:46.0794 3148 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
15:30:46.0794 3148 \Device\Harddisk1\DR2:
15:30:46.0794 3148 MBR partitions:
15:30:46.0794 3148 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x890, BlocksNum 0xEEF770
15:30:46.0794 3148 ============================================================
15:30:46.0825 3148 C: <-> \Device\Harddisk0\DR0\Partition2
15:30:46.0825 3148 ============================================================
15:30:46.0825 3148 Initialize success
15:30:46.0825 3148 ============================================================
15:33:23.0839 1936 ============================================================
15:33:23.0839 1936 Scan started
15:33:23.0839 1936 Mode: Manual;
15:33:23.0839 1936 ============================================================
15:33:24.0416 1936 ================ Scan system memory ========================
15:33:24.0416 1936 System memory - ok
15:33:24.0432 1936 ================ Scan services =============================
15:33:24.0635 1936 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:33:24.0635 1936 1394ohci - ok
15:33:24.0697 1936 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:33:24.0697 1936 ACPI - ok
15:33:24.0760 1936 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:33:24.0760 1936 AcpiPmi - ok
15:33:24.0838 1936 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:33:24.0853 1936 AdobeARMservice - ok
15:33:24.0978 1936 [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:33:24.0978 1936 AdobeFlashPlayerUpdateSvc - ok
15:33:25.0040 1936 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:33:25.0040 1936 adp94xx - ok
15:33:25.0118 1936 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:33:25.0118 1936 adpahci - ok
15:33:25.0181 1936 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:33:25.0181 1936 adpu320 - ok
15:33:25.0228 1936 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:33:25.0228 1936 AeLookupSvc - ok
15:33:25.0306 1936 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:33:25.0306 1936 AFD - ok
15:33:25.0352 1936 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:33:25.0352 1936 agp440 - ok
15:33:25.0415 1936 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:33:25.0430 1936 ALG - ok
15:33:25.0462 1936 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:33:25.0462 1936 aliide - ok
15:33:25.0508 1936 [ 514089CB4A7DF38DC4DD936ADE4114D3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:33:25.0508 1936 AMD External Events Utility - ok
15:33:25.0540 1936 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:33:25.0540 1936 amdide - ok
15:33:25.0586 1936 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:33:25.0586 1936 AmdK8 - ok
15:33:25.0836 1936 [ 9A4B92150A5E259A7159D914CC3A60D7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:33:25.0930 1936 amdkmdag - ok
15:33:25.0976 1936 [ 9DEB889D152F9C9DBA98BE8986084535 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:33:25.0976 1936 amdkmdap - ok
15:33:26.0039 1936 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:33:26.0039 1936 AmdPPM - ok
15:33:26.0101 1936 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:33:26.0101 1936 amdsata - ok
15:33:26.0117 1936 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:33:26.0117 1936 amdsbs - ok
15:33:26.0132 1936 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:33:26.0148 1936 amdxata - ok
15:33:26.0210 1936 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:33:26.0210 1936 AppID - ok
15:33:26.0242 1936 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:33:26.0242 1936 AppIDSvc - ok
15:33:26.0257 1936 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:33:26.0273 1936 Appinfo - ok
15:33:26.0320 1936 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:33:26.0320 1936 arc - ok
15:33:26.0351 1936 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:33:26.0351 1936 arcsas - ok
15:33:26.0413 1936 [ 4CA8E3A70263C3029935551204586701 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
15:33:26.0413 1936 aswFsBlk - ok
15:33:26.0460 1936 [ CF6A24076F978BF9C1FE61EE8595DB66 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
15:33:26.0460 1936 aswMonFlt - ok
15:33:26.0476 1936 [ 24EB5B96B8D215BAC4FC280D39B73049 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
15:33:26.0491 1936 aswRdr - ok
15:33:26.0538 1936 [ 76A2BD420185B468B6DE89AED1EEAE40 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
15:33:26.0538 1936 aswRvrt - ok
15:33:26.0585 1936 [ 5EB2FC36BD4639097A2F9BB68C825604 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
15:33:26.0585 1936 aswSnx - ok
15:33:26.0616 1936 [ AB1403AF5CC781D5148096216DA3A2A3 ] aswSP C:\Windows\system32\drivers\aswSP.sys
15:33:26.0632 1936 aswSP - ok
15:33:26.0632 1936 [ 6A2D4BB9DDAA7D74839936403BB31F06 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
15:33:26.0647 1936 aswTdi - ok
15:33:26.0663 1936 [ 0A83FFF1AEF6113EF8DCBB32D5014AB1 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
15:33:26.0663 1936 aswVmm - ok
15:33:26.0710 1936 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:33:26.0710 1936 AsyncMac - ok
15:33:26.0741 1936 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:33:26.0741 1936 atapi - ok
15:33:26.0866 1936 [ DE9FB3DADE8FD39AE2C587DF22D36B8E ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:33:26.0897 1936 athr - ok
15:33:26.0975 1936 [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:33:26.0975 1936 AtiHDAudioService - ok
15:33:27.0053 1936 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:33:27.0053 1936 AudioEndpointBuilder - ok
15:33:27.0068 1936 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:33:27.0084 1936 AudioSrv - ok
15:33:27.0162 1936 [ AEF6E1DE647339C4990586D1DE427BBB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:33:27.0162 1936 avast! Antivirus - ok
15:33:27.0224 1936 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:33:27.0224 1936 AxInstSV - ok
15:33:27.0302 1936 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:33:27.0302 1936 b06bdrv - ok
15:33:27.0380 1936 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:33:27.0380 1936 b57nd60a - ok
15:33:27.0443 1936 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:33:27.0443 1936 BDESVC - ok
15:33:27.0458 1936 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:33:27.0474 1936 Beep - ok
15:33:27.0536 1936 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:33:27.0536 1936 BFE - ok
15:33:27.0583 1936 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
15:33:27.0599 1936 BITS - ok
15:33:27.0646 1936 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:33:27.0661 1936 blbdrive - ok
15:33:27.0708 1936 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:33:27.0708 1936 bowser - ok
15:33:27.0770 1936 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:33:27.0770 1936 BrFiltLo - ok
15:33:27.0786 1936 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:33:27.0786 1936 BrFiltUp - ok
15:33:27.0926 1936 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:33:27.0942 1936 BridgeMP - ok
15:33:28.0004 1936 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:33:28.0004 1936 Browser - ok
15:33:28.0036 1936 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:33:28.0051 1936 Brserid - ok
15:33:28.0067 1936 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:33:28.0067 1936 BrSerWdm - ok
15:33:28.0114 1936 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:33:28.0129 1936 BrUsbMdm - ok
15:33:28.0145 1936 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:33:28.0145 1936 BrUsbSer - ok
15:33:28.0160 1936 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:33:28.0160 1936 BTHMODEM - ok
15:33:28.0207 1936 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:33:28.0207 1936 bthserv - ok
15:33:28.0254 1936 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:33:28.0270 1936 cdfs - ok
15:33:28.0332 1936 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:33:28.0332 1936 cdrom - ok
15:33:28.0379 1936 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:33:28.0394 1936 CertPropSvc - ok
15:33:28.0457 1936 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:33:28.0457 1936 circlass - ok
15:33:28.0504 1936 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:33:28.0504 1936 CLFS - ok
15:33:28.0582 1936 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:33:28.0597 1936 clr_optimization_v2.0.50727_32 - ok
15:33:28.0660 1936 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:33:28.0660 1936 clr_optimization_v2.0.50727_64 - ok
15:33:28.0722 1936 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:33:28.0722 1936 CmBatt - ok
15:33:28.0753 1936 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:33:28.0753 1936 cmdide - ok
15:33:28.0831 1936 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:33:28.0831 1936 CNG - ok
15:33:28.0862 1936 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:33:28.0862 1936 Compbatt - ok
15:33:28.0894 1936 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:33:28.0894 1936 CompositeBus - ok
15:33:28.0909 1936 COMSysApp - ok
15:33:28.0940 1936 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:33:28.0956 1936 crcdisk - ok
15:33:29.0018 1936 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:33:29.0018 1936 CryptSvc - ok
15:33:29.0096 1936 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:33:29.0096 1936 DcomLaunch - ok
15:33:29.0143 1936 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:33:29.0143 1936 defragsvc - ok
15:33:29.0190 1936 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:33:29.0206 1936 DfsC - ok
15:33:29.0268 1936 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:33:29.0268 1936 Dhcp - ok
15:33:29.0299 1936 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:33:29.0299 1936 discache - ok
15:33:29.0346 1936 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:33:29.0346 1936 Disk - ok
15:33:29.0408 1936 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:33:29.0408 1936 Dnscache - ok
15:33:29.0424 1936 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:33:29.0440 1936 dot3svc - ok
15:33:29.0455 1936 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:33:29.0455 1936 DPS - ok
15:33:29.0518 1936 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:33:29.0518 1936 drmkaud - ok
15:33:29.0596 1936 [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:33:29.0611 1936 DsiWMIService - ok
15:33:29.0658 1936 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:33:29.0674 1936 DXGKrnl - ok
15:33:29.0720 1936 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:33:29.0736 1936 EapHost - ok
15:33:29.0861 1936 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:33:29.0892 1936 ebdrv - ok
15:33:29.0908 1936 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:33:29.0923 1936 EFS - ok
15:33:29.0986 1936 [ 5332EC2BA1C112BD4BB1F38127848FEF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
15:33:29.0986 1936 EgisTec Ticket Service - ok
15:33:30.0064 1936 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:33:30.0079 1936 ehRecvr - ok
15:33:30.0095 1936 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:33:30.0095 1936 ehSched - ok
15:33:30.0173 1936 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:33:30.0188 1936 elxstor - ok
15:33:30.0313 1936 [ 76B978AD795A7E71C48390B000F6023F ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:33:30.0313 1936 ePowerSvc - ok
15:33:30.0329 1936 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:33:30.0344 1936 ErrDev - ok
15:33:30.0422 1936 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:33:30.0438 1936 EventSystem - ok
15:33:30.0485 1936 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:33:30.0485 1936 exfat - ok
15:33:30.0516 1936 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:33:30.0516 1936 fastfat - ok
15:33:30.0594 1936 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:33:30.0610 1936 Fax - ok
15:33:30.0625 1936 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:33:30.0625 1936 fdc - ok
15:33:30.0656 1936 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:33:30.0656 1936 fdPHost - ok
15:33:30.0672 1936 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:33:30.0672 1936 FDResPub - ok
15:33:30.0688 1936 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:33:30.0703 1936 FileInfo - ok
15:33:30.0703 1936 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:33:30.0703 1936 Filetrace - ok
15:33:30.0797 1936 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:33:30.0797 1936 FLEXnet Licensing Service - ok
15:33:30.0828 1936 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:33:30.0828 1936 flpydisk - ok
15:33:30.0859 1936 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:33:30.0875 1936 FltMgr - ok
15:33:30.0922 1936 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:33:30.0937 1936 FontCache - ok
15:33:30.0984 1936 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:33:30.0984 1936 FontCache3.0.0.0 - ok
15:33:31.0015 1936 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:33:31.0015 1936 FsDepends - ok
15:33:31.0062 1936 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:33:31.0062 1936 Fs_Rec - ok
15:33:31.0109 1936 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:33:31.0109 1936 fvevol - ok
15:33:31.0171 1936 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:33:31.0171 1936 gagp30kx - ok
15:33:31.0265 1936 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:33:31.0265 1936 GamesAppService - ok
15:33:31.0312 1936 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:33:31.0312 1936 gpsvc - ok
15:33:31.0358 1936 [ 32096F187020A54D29C95B3A1467D963 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:33:31.0358 1936 GREGService - ok
15:33:31.0405 1936 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:33:31.0405 1936 hcw85cir - ok
15:33:31.0452 1936 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:33:31.0452 1936 HdAudAddService - ok
15:33:31.0514 1936 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:33:31.0514 1936 HDAudBus - ok
15:33:31.0530 1936 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:33:31.0530 1936 HidBatt - ok
15:33:31.0561 1936 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:33:31.0561 1936 HidBth - ok
15:33:31.0577 1936 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:33:31.0577 1936 HidIr - ok
15:33:31.0592 1936 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:33:31.0608 1936 hidserv - ok
15:33:31.0655 1936 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:33:31.0670 1936 HidUsb - ok
15:33:31.0686 1936 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:33:31.0702 1936 hkmsvc - ok
15:33:31.0717 1936 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:33:31.0733 1936 HomeGroupListener - ok
15:33:31.0764 1936 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:33:31.0780 1936 HomeGroupProvider - ok
15:33:31.0826 1936 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:33:31.0826 1936 HpSAMD - ok
15:33:31.0873 1936 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:33:31.0873 1936 HTTP - ok
15:33:31.0889 1936 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:33:31.0904 1936 hwpolicy - ok
15:33:31.0951 1936 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:33:31.0951 1936 i8042prt - ok
15:33:32.0014 1936 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:33:32.0029 1936 iaStorV - ok
15:33:32.0076 1936 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:33:32.0092 1936 idsvc - ok
15:33:32.0138 1936 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:33:32.0138 1936 iirsp - ok
15:33:32.0185 1936 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:33:32.0201 1936 IKEEXT - ok
15:33:32.0341 1936 [ 718A4008EE5DA174400396B27509EF82 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:33:32.0372 1936 IntcAzAudAddService - ok
15:33:32.0388 1936 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:33:32.0388 1936 intelide - ok
15:33:32.0450 1936 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
15:33:32.0450 1936 intelppm - ok
15:33:32.0482 1936 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:33:32.0482 1936 IPBusEnum - ok
15:33:32.0544 1936 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:33:32.0544 1936 IpFilterDriver - ok
15:33:32.0575 1936 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:33:32.0591 1936 iphlpsvc - ok
15:33:32.0591 1936 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:33:32.0591 1936 IPMIDRV - ok
15:33:32.0622 1936 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:33:32.0638 1936 IPNAT - ok
15:33:32.0684 1936 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:33:32.0684 1936 IRENUM - ok
15:33:32.0700 1936 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:33:32.0700 1936 isapnp - ok
15:33:32.0747 1936 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:33:32.0747 1936 iScsiPrt - ok
15:33:32.0794 1936 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:33:32.0794 1936 kbdclass - ok
15:33:32.0840 1936 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:33:32.0840 1936 kbdhid - ok
15:33:32.0856 1936 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:33:32.0856 1936 KeyIso - ok
15:33:32.0887 1936 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:33:32.0887 1936 KSecDD - ok
15:33:32.0918 1936 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:33:32.0918 1936 KSecPkg - ok
15:33:32.0965 1936 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:33:32.0965 1936 ksthunk - ok
15:33:33.0012 1936 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:33:33.0012 1936 KtmRm - ok
15:33:33.0074 1936 [ 173666119D217E3739205C169E2BF0E5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
15:33:33.0074 1936 L1C - ok
15:33:33.0137 1936 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:33:33.0137 1936 LanmanServer - ok
15:33:33.0168 1936 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:33:33.0168 1936 LanmanWorkstation - ok
15:33:33.0230 1936 [ 6BB516A31DE232DAB436FF3A117E1E80 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:33:33.0230 1936 Live Updater Service - ok
15:33:33.0277 1936 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:33:33.0277 1936 lltdio - ok
15:33:33.0324 1936 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:33:33.0324 1936 lltdsvc - ok
15:33:33.0340 1936 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:33:33.0340 1936 lmhosts - ok
15:33:33.0402 1936 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:33:33.0402 1936 LSI_FC - ok
15:33:33.0464 1936 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:33:33.0464 1936 LSI_SAS - ok
15:33:33.0480 1936 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:33:33.0480 1936 LSI_SAS2 - ok
15:33:33.0511 1936 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:33:33.0511 1936 LSI_SCSI - ok
15:33:33.0558 1936 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:33:33.0558 1936 luafv - ok
15:33:33.0589 1936 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:33:33.0589 1936 Mcx2Svc - ok
15:33:33.0620 1936 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:33:33.0620 1936 megasas - ok
15:33:33.0667 1936 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:33:33.0667 1936 MegaSR - ok
15:33:33.0714 1936 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:33:33.0714 1936 MMCSS - ok
15:33:33.0730 1936 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:33:33.0730 1936 Modem - ok
15:33:33.0745 1936 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:33:33.0761 1936 monitor - ok
15:33:33.0761 1936 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:33:33.0761 1936 mouclass - ok
15:33:33.0839 1936 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:33:33.0839 1936 mouhid - ok
15:33:33.0901 1936 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:33:33.0901 1936 mountmgr - ok
15:33:33.0932 1936 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:33:33.0932 1936 mpio - ok
15:33:33.0948 1936 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:33:33.0948 1936 mpsdrv - ok
15:33:33.0979 1936 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:33:33.0995 1936 MpsSvc - ok
15:33:34.0026 1936 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:33:34.0026 1936 MRxDAV - ok
15:33:34.0057 1936 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:33:34.0057 1936 mrxsmb - ok
15:33:34.0088 1936 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:33:34.0104 1936 mrxsmb10 - ok
15:33:34.0120 1936 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:33:34.0120 1936 mrxsmb20 - ok
15:33:34.0135 1936 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:33:34.0151 1936 msahci - ok
15:33:34.0166 1936 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:33:34.0166 1936 msdsm - ok
15:33:34.0182 1936 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:33:34.0198 1936 MSDTC - ok
15:33:34.0229 1936 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:33:34.0229 1936 Msfs - ok
15:33:34.0276 1936 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:33:34.0276 1936 mshidkmdf - ok
15:33:34.0291 1936 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:33:34.0291 1936 msisadrv - ok
15:33:34.0322 1936 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:33:34.0322 1936 MSiSCSI - ok
15:33:34.0338 1936 msiserver - ok
15:33:34.0385 1936 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:33:34.0385 1936 MSKSSRV - ok
15:33:34.0400 1936 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:33:34.0400 1936 MSPCLOCK - ok
15:33:34.0416 1936 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:33:34.0416 1936 MSPQM - ok
15:33:34.0447 1936 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:33:34.0463 1936 MsRPC - ok
15:33:34.0478 1936 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:33:34.0478 1936 mssmbios - ok
15:33:34.0510 1936 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:33:34.0510 1936 MSTEE - ok
15:33:34.0525 1936 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:33:34.0525 1936 MTConfig - ok
15:33:34.0541 1936 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:33:34.0541 1936 Mup - ok
15:33:34.0572 1936 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:33:34.0572 1936 mwlPSDFilter - ok
15:33:34.0619 1936 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:33:34.0619 1936 mwlPSDNServ - ok
15:33:34.0634 1936 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:33:34.0650 1936 mwlPSDVDisk - ok
15:33:34.0681 1936 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:33:34.0681 1936 napagent - ok
15:33:34.0744 1936 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:33:34.0759 1936 NativeWifiP - ok
15:33:34.0806 1936 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:33:34.0822 1936 NDIS - ok
15:33:34.0853 1936 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:33:34.0868 1936 NdisCap - ok
15:33:34.0900 1936 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:33:34.0915 1936 NdisTapi - ok
15:33:34.0962 1936 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:33:34.0962 1936 Ndisuio - ok
15:33:34.0978 1936 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:33:34.0978 1936 NdisWan - ok
15:33:35.0040 1936 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:33:35.0040 1936 NDProxy - ok
15:33:35.0071 1936 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:33:35.0071 1936 NetBIOS - ok
15:33:35.0102 1936 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:33:35.0102 1936 NetBT - ok
15:33:35.0118 1936 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:33:35.0134 1936 Netlogon - ok
15:33:35.0165 1936 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:33:35.0165 1936 Netman - ok
15:33:35.0196 1936 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:33:35.0196 1936 netprofm - ok
15:33:35.0227 1936 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:33:35.0227 1936 NetTcpPortSharing - ok
15:33:35.0290 1936 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:33:35.0290 1936 nfrd960 - ok
15:33:35.0352 1936 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:33:35.0352 1936 NlaSvc - ok
15:33:35.0477 1936 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:33:35.0508 1936 NOBU - ok
15:33:35.0524 1936 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:33:35.0524 1936 Npfs - ok
15:33:35.0555 1936 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:33:35.0570 1936 nsi - ok
15:33:35.0602 1936 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:33:35.0602 1936 nsiproxy - ok
15:33:35.0664 1936 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:33:35.0680 1936 Ntfs - ok
15:33:35.0711 1936 [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:33:35.0726 1936 NTI IScheduleSvc - ok
15:33:35.0789 1936 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
15:33:35.0789 1936 NTIDrvr - ok
15:33:35.0804 1936 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:33:35.0804 1936 Null - ok
15:33:35.0867 1936 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:33:35.0867 1936 nvraid - ok
15:33:35.0898 1936 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:33:35.0898 1936 nvstor - ok
15:33:35.0945 1936 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:33:35.0945 1936 nv_agp - ok
15:33:35.0976 1936 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:33:35.0976 1936 ohci1394 - ok
15:33:36.0007 1936 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:33:36.0023 1936 p2pimsvc - ok
15:33:36.0070 1936 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:33:36.0070 1936 p2psvc - ok
15:33:36.0116 1936 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:33:36.0116 1936 Parport - ok
15:33:36.0148 1936 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:33:36.0148 1936 partmgr - ok
15:33:36.0179 1936 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:33:36.0194 1936 PcaSvc - ok
15:33:36.0226 1936 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:33:36.0226 1936 pci - ok
15:33:36.0241 1936 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:33:36.0257 1936 pciide - ok
15:33:36.0272 1936 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:33:36.0272 1936 pcmcia - ok
15:33:36.0288 1936 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:33:36.0288 1936 pcw - ok
15:33:36.0335 1936 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:33:36.0350 1936 PEAUTH - ok
15:33:36.0460 1936 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:33:36.0460 1936 PerfHost - ok
15:33:36.0538 1936 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:33:36.0569 1936 pla - ok
15:33:36.0631 1936 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:33:36.0647 1936 PlugPlay - ok
15:33:36.0678 1936 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:33:36.0694 1936 PNRPAutoReg - ok
15:33:36.0709 1936 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:33:36.0725 1936 PNRPsvc - ok
15:33:36.0756 1936 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:33:36.0772 1936 PolicyAgent - ok
15:33:36.0803 1936 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:33:36.0818 1936 Power - ok
15:33:36.0865 1936 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:33:36.0865 1936 PptpMiniport - ok
15:33:37.0052 1936 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
15:33:37.0084 1936 PrintNotify - ok
15:33:37.0115 1936 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:33:37.0115 1936 Processor - ok
15:33:37.0146 1936 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
15:33:37.0146 1936 ProfSvc - ok
15:33:37.0162 1936 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:33:37.0177 1936 ProtectedStorage - ok
15:33:37.0224 1936 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:33:37.0224 1936 Psched - ok
15:33:37.0302 1936 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:33:37.0318 1936 ql2300 - ok
15:33:37.0349 1936 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:33:37.0349 1936 ql40xx - ok
15:33:37.0380 1936 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:33:37.0380 1936 QWAVE - ok
15:33:37.0396 1936 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:33:37.0396 1936 QWAVEdrv - ok
15:33:37.0411 1936 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:33:37.0411 1936 RasAcd - ok
15:33:37.0474 1936 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:33:37.0474 1936 RasAgileVpn - ok
15:33:37.0520 1936 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:33:37.0520 1936 RasAuto - ok
15:33:37.0598 1936 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:33:37.0598 1936 Rasl2tp - ok
15:33:37.0645 1936 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:33:37.0645 1936 RasMan - ok
15:33:37.0661 1936 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:33:37.0661 1936 RasPppoe - ok
15:33:37.0692 1936 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:33:37.0692 1936 RasSstp - ok
15:33:37.0723 1936 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:33:37.0723 1936 rdbss - ok
15:33:37.0739 1936 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:33:37.0739 1936 rdpbus - ok
15:33:37.0739 1936 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:33:37.0739 1936 RDPCDD - ok
15:33:37.0817 1936 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:33:37.0817 1936 RDPENCDD - ok
15:33:37.0848 1936 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:33:37.0848 1936 RDPREFMP - ok
15:33:37.0895 1936 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:33:37.0895 1936 RDPWD - ok
15:33:37.0942 1936 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:33:37.0942 1936 rdyboost - ok
15:33:37.0973 1936 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:33:37.0973 1936 RemoteAccess - ok
15:33:38.0004 1936 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:33:38.0020 1936 RemoteRegistry - ok
15:33:38.0035 1936 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:33:38.0051 1936 RpcEptMapper - ok
15:33:38.0082 1936 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:33:38.0082 1936 RpcLocator - ok
15:33:38.0098 1936 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
15:33:38.0113 1936 RpcSs - ok
15:33:38.0176 1936 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:33:38.0176 1936 rspndr - ok
15:33:38.0254 1936 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
15:33:38.0254 1936 RSUSBSTOR - ok
15:33:38.0285 1936 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:33:38.0285 1936 SamSs - ok
15:33:38.0300 1936 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:33:38.0300 1936 sbp2port - ok
15:33:38.0332 1936 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:33:38.0332 1936 SCardSvr - ok
15:33:38.0363 1936 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:33:38.0363 1936 scfilter - ok
15:33:38.0410 1936 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:33:38.0425 1936 Schedule - ok
15:33:38.0456 1936 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:33:38.0456 1936 SCPolicySvc - ok
15:33:38.0488 1936 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:33:38.0488 1936 SDRSVC - ok
15:33:38.0550 1936 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:33:38.0550 1936 secdrv - ok
15:33:38.0581 1936 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:33:38.0581 1936 seclogon - ok
15:33:38.0597 1936 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:33:38.0612 1936 SENS - ok
15:33:38.0644 1936 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:33:38.0644 1936 SensrSvc - ok
15:33:38.0659 1936 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:33:38.0659 1936 Serenum - ok
15:33:38.0722 1936 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:33:38.0722 1936 Serial - ok
15:33:38.0784 1936 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:33:38.0784 1936 sermouse - ok
15:33:38.0831 1936 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:33:38.0831 1936 SessionEnv - ok
15:33:38.0846 1936 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:33:38.0846 1936 sffdisk - ok
15:33:38.0862 1936 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:33:38.0862 1936 sffp_mmc - ok
15:33:38.0893 1936 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:33:38.0893 1936 sffp_sd - ok
15:33:38.0924 1936 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:33:38.0924 1936 sfloppy - ok
15:33:38.0940 1936 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:33:38.0956 1936 SharedAccess - ok
15:33:38.0971 1936 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:33:38.0987 1936 ShellHWDetection - ok
15:33:39.0034 1936 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:33:39.0034 1936 SiSRaid2 - ok
15:33:39.0049 1936 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:33:39.0049 1936 SiSRaid4 - ok
15:33:39.0143 1936 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:33:39.0143 1936 SkypeUpdate - ok
15:33:39.0174 1936 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:33:39.0190 1936 Smb - ok
15:33:39.0252 1936 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:33:39.0268 1936 SNMPTRAP - ok
15:33:39.0268 1936 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:33:39.0268 1936 spldr - ok
15:33:39.0299 1936 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
15:33:39.0314 1936 Spooler - ok
15:33:39.0424 1936 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:33:39.0470 1936 sppsvc - ok
15:33:39.0486 1936 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:33:39.0502 1936 sppuinotify - ok
15:33:39.0517 1936 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:33:39.0517 1936 srv - ok
15:33:39.0564 1936 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:33:39.0580 1936 srv2 - ok
15:33:39.0595 1936 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:33:39.0611 1936 srvnet - ok
15:33:39.0673 1936 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:33:39.0689 1936 SSDPSRV - ok
15:33:39.0704 1936 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:33:39.0720 1936 SstpSvc - ok
15:33:39.0736 1936 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:33:39.0736 1936 stexstor - ok
15:33:39.0798 1936 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:33:39.0814 1936 stisvc - ok
15:33:39.0845 1936 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:33:39.0845 1936 swenum - ok
15:33:39.0892 1936 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:33:39.0907 1936 swprv - ok
15:33:40.0001 1936 [ BBA2EA927EC5CC5DEF5F1BF2B125C0F7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:33:40.0016 1936 SynTP - ok
15:33:40.0079 1936 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:33:40.0110 1936 SysMain - ok
15:33:40.0126 1936 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:33:40.0141 1936 TabletInputService - ok
15:33:40.0172 1936 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:33:40.0188 1936 TapiSrv - ok
15:33:40.0204 1936 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:33:40.0204 1936 TBS - ok
15:33:40.0313 1936 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:33:40.0328 1936 Tcpip - ok
15:33:40.0422 1936 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:33:40.0453 1936 TCPIP6 - ok
15:33:40.0484 1936 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:33:40.0484 1936 tcpipreg - ok
15:33:40.0516 1936 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:33:40.0516 1936 TDPIPE - ok
15:33:40.0547 1936 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:33:40.0547 1936 TDTCP - ok
15:33:40.0609 1936 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:33:40.0625 1936 tdx - ok
15:33:40.0640 1936 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:33:40.0640 1936 TermDD - ok
15:33:40.0687 1936 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:33:40.0703 1936 TermService - ok
15:33:40.0718 1936 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:33:40.0718 1936 Themes - ok
15:33:40.0750 1936 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:33:40.0750 1936 THREADORDER - ok
15:33:40.0781 1936 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:33:40.0781 1936 TrkWks - ok
15:33:40.0828 1936 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:33:40.0828 1936 TrustedInstaller - ok
15:33:40.0843 1936 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:33:40.0843 1936 tssecsrv - ok
15:33:40.0906 1936 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:33:40.0906 1936 TsUsbFlt - ok
15:33:40.0952 1936 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:33:40.0952 1936 TsUsbGD - ok
15:33:41.0015 1936 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:33:41.0015 1936 tunnel - ok
15:33:41.0046 1936 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:33:41.0046 1936 uagp35 - ok
15:33:41.0062 1936 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
15:33:41.0062 1936 UBHelper - ok
15:33:41.0093 1936 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:33:41.0108 1936 udfs - ok
15:33:41.0140 1936 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:33:41.0155 1936 UI0Detect - ok
15:33:41.0202 1936 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:33:41.0202 1936 uliagpkx - ok
15:33:41.0264 1936 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:33:41.0264 1936 umbus - ok
15:33:41.0280 1936 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:33:41.0280 1936 UmPass - ok
15:33:41.0311 1936 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:33:41.0327 1936 upnphost - ok
15:33:41.0374 1936 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:33:41.0374 1936 usbccgp - ok
15:33:41.0405 1936 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:33:41.0405 1936 usbcir - ok
15:33:41.0420 1936 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:33:41.0420 1936 usbehci - ok
15:33:41.0483 1936 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
15:33:41.0498 1936 usbfilter - ok
15:33:41.0530 1936 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:33:41.0530 1936 usbhub - ok
15:33:41.0561 1936 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:33:41.0561 1936 usbohci - ok
15:33:41.0576 1936 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
15:33:41.0576 1936 usbprint - ok
15:33:41.0592 1936 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:33:41.0608 1936 USBSTOR - ok
15:33:41.0654 1936 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:33:41.0654 1936 usbuhci - ok
15:33:41.0701 1936 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:33:41.0701 1936 usbvideo - ok
15:33:41.0732 1936 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:33:41.0748 1936 UxSms - ok
15:33:41.0764 1936 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:33:41.0764 1936 VaultSvc - ok
15:33:41.0810 1936 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:33:41.0810 1936 vdrvroot - ok
15:33:41.0857 1936 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:33:41.0873 1936 vds - ok
15:33:41.0888 1936 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:33:41.0888 1936 vga - ok
15:33:41.0904 1936 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:33:41.0920 1936 VgaSave - ok
15:33:41.0951 1936 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:33:41.0951 1936 vhdmp - ok
15:33:41.0966 1936 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:33:41.0966 1936 viaide - ok
15:33:41.0982 1936 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:33:41.0982 1936 volmgr - ok
15:33:42.0013 1936 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:33:42.0013 1936 volmgrx - ok
15:33:42.0029 1936 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:33:42.0044 1936 volsnap - ok
15:33:42.0107 1936 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:33:42.0107 1936 vsmraid - ok
15:33:42.0154 1936 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:33:42.0185 1936 VSS - ok
15:33:42.0200 1936 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:33:42.0200 1936 vwifibus - ok
15:33:42.0247 1936 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:33:42.0247 1936 vwififlt - ok
15:33:42.0294 1936 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:33:42.0310 1936 W32Time - ok
15:33:42.0341 1936 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:33:42.0341 1936 WacomPen - ok
15:33:42.0388 1936 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:33:42.0388 1936 WANARP - ok
15:33:42.0403 1936 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:33:42.0403 1936 Wanarpv6 - ok
15:33:42.0497 1936 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:33:42.0512 1936 WatAdminSvc - ok
15:33:42.0575 1936 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:33:42.0590 1936 wbengine - ok
15:33:42.0622 1936 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:33:42.0622 1936 WbioSrvc - ok
15:33:42.0653 1936 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:33:42.0668 1936 wcncsvc - ok
15:33:42.0684 1936 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:33:42.0700 1936 WcsPlugInService - ok
15:33:42.0731 1936 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:33:42.0731 1936 Wd - ok
15:33:42.0762 1936 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:33:42.0762 1936 Wdf01000 - ok
15:33:42.0809 1936 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:33:42.0809 1936 WdiServiceHost - ok
15:33:42.0824 1936 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:33:42.0824 1936 WdiSystemHost - ok
15:33:42.0856 1936 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:33:42.0856 1936 WebClient - ok
15:33:42.0887 1936 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:33:42.0902 1936 Wecsvc - ok
15:33:42.0934 1936 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:33:42.0949 1936 wercplsupport - ok
15:33:42.0996 1936 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:33:43.0012 1936 WerSvc - ok
15:33:43.0043 1936 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:33:43.0043 1936 WfpLwf - ok
15:33:43.0058 1936 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:33:43.0074 1936 WIMMount - ok
15:33:43.0090 1936 WinDefend - ok
15:33:43.0105 1936 WinHttpAutoProxySvc - ok
15:33:43.0168 1936 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:33:43.0168 1936 Winmgmt - ok
15:33:43.0261 1936 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:33:43.0277 1936 WinRM - ok
15:33:43.0370 1936 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:33:43.0386 1936 Wlansvc - ok
15:33:43.0464 1936 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:33:43.0464 1936 wlcrasvc - ok
15:33:43.0589 1936 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:33:43.0604 1936 wlidsvc - ok
15:33:43.0667 1936 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:33:43.0667 1936 WmiAcpi - ok
15:33:43.0698 1936 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:33:43.0698 1936 wmiApSrv - ok
15:33:43.0776 1936 WMPNetworkSvc - ok
15:33:43.0807 1936 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:33:43.0807 1936 WPCSvc - ok
15:33:43.0823 1936 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:33:43.0838 1936 WPDBusEnum - ok
15:33:43.0870 1936 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:33:43.0870 1936 ws2ifsl - ok
15:33:43.0885 1936 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:33:43.0901 1936 wscsvc - ok
15:33:43.0901 1936 WSearch - ok
15:33:43.0994 1936 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:33:44.0026 1936 wuauserv - ok
15:33:44.0041 1936 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:33:44.0057 1936 WudfPf - ok
15:33:44.0104 1936 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:33:44.0104 1936 WUDFRd - ok
15:33:44.0135 1936 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:33:44.0150 1936 wudfsvc - ok
15:33:44.0166 1936 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:33:44.0182 1936 WwanSvc - ok
15:33:44.0275 1936 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:33:44.0275 1936 YahooAUService - ok
15:33:44.0322 1936 ================ Scan global ===============================
15:33:44.0353 1936 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:33:44.0400 1936 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:33:44.0416 1936 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:33:44.0447 1936 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:33:44.0494 1936 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:33:44.0494 1936 [Global] - ok
15:33:44.0494 1936 ================ Scan MBR ==================================
15:33:44.0525 1936 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:33:44.0977 1936 \Device\Harddisk0\DR0 - ok
15:33:44.0977 1936 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR2
15:33:44.0993 1936 \Device\Harddisk1\DR2 - ok
15:33:44.0993 1936 ================ Scan VBR ==================================
15:33:45.0008 1936 [ D0D2265E9C95F0D9447C50A4349DA611 ] \Device\Harddisk0\DR0\Partition1
15:33:45.0008 1936 \Device\Harddisk0\DR0\Partition1 - ok
15:33:45.0055 1936 [ A84177ECB10B990EA10DB2F5D57E102C ] \Device\Harddisk0\DR0\Partition2
15:33:45.0055 1936 \Device\Harddisk0\DR0\Partition2 - ok
15:33:45.0055 1936 [ 527089958D5BC76AE515E32D976B7917 ] \Device\Harddisk1\DR2\Partition1
15:33:45.0071 1936 \Device\Harddisk1\DR2\Partition1 - ok
15:33:45.0071 1936 ============================================================
15:33:45.0071 1936 Scan finished
15:33:45.0071 1936 ============================================================
15:33:45.0086 1760 Detected object count: 0
15:33:45.0086 1760 Actual detected object count: 0
15:40:02.0748 3360 ============================================================
15:40:02.0748 3360 Scan started
15:40:02.0748 3360 Mode: Manual; SigCheck; TDLFS;
15:40:02.0748 3360 ============================================================
15:40:03.0918 3360 ================ Scan system memory ========================
15:40:03.0918 3360 System memory - ok
15:40:03.0918 3360 ================ Scan services =============================
15:40:04.0089 3360 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:40:04.0276 3360 1394ohci - ok
15:40:04.0308 3360 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:40:04.0339 3360 ACPI - ok
15:40:04.0370 3360 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:40:04.0479 3360 AcpiPmi - ok
15:40:04.0542 3360 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:40:04.0588 3360 AdobeARMservice - ok
15:40:04.0698 3360 [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:40:04.0744 3360 AdobeFlashPlayerUpdateSvc - ok
15:40:04.0776 3360 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:40:04.0807 3360 adp94xx - ok
15:40:04.0885 3360 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:40:04.0916 3360 adpahci - ok
15:40:04.0932 3360 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:40:04.0963 3360 adpu320 - ok
15:40:04.0994 3360 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:40:05.0119 3360 AeLookupSvc - ok
15:40:05.0166 3360 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:40:05.0259 3360 AFD - ok
15:40:05.0290 3360 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:40:05.0322 3360 agp440 - ok
15:40:05.0337 3360 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:40:05.0400 3360 ALG - ok
15:40:05.0415 3360 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:40:05.0446 3360 aliide - ok
15:40:05.0478 3360 [ 514089CB4A7DF38DC4DD936ADE4114D3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:40:05.0571 3360 AMD External Events Utility - ok
15:40:05.0602 3360 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:40:05.0634 3360 amdide - ok
15:40:05.0649 3360 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:40:05.0680 3360 AmdK8 - ok
15:40:05.0899 3360 [ 9A4B92150A5E259A7159D914CC3A60D7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:40:06.0102 3360 amdkmdag - ok
15:40:06.0164 3360 [ 9DEB889D152F9C9DBA98BE8986084535 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:40:06.0211 3360 amdkmdap - ok
15:40:06.0242 3360 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:40:06.0289 3360 AmdPPM - ok
15:40:06.0336 3360 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:40:06.0367 3360 amdsata - ok
15:40:06.0382 3360 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:40:06.0414 3360 amdsbs - ok
15:40:06.0445 3360 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:40:06.0460 3360 amdxata - ok
15:40:06.0492 3360 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:40:06.0616 3360 AppID - ok
15:40:06.0632 3360 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:40:06.0726 3360 AppIDSvc - ok
15:40:06.0757 3360 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:40:06.0835 3360 Appinfo - ok
15:40:06.0866 3360 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:40:06.0897 3360 arc - ok
15:40:06.0913 3360 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:40:06.0944 3360 arcsas - ok
15:40:06.0975 3360 [ 4CA8E3A70263C3029935551204586701 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
15:40:07.0038 3360 aswFsBlk - ok
15:40:07.0053 3360 [ CF6A24076F978BF9C1FE61EE8595DB66 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
15:40:07.0131 3360 aswMonFlt - ok
15:40:07.0147 3360 [ 24EB5B96B8D215BAC4FC280D39B73049 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
15:40:07.0209 3360 aswRdr - ok
15:40:07.0240 3360 [ 76A2BD420185B468B6DE89AED1EEAE40 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
15:40:07.0303 3360 aswRvrt - ok
15:40:07.0334 3360 [ 5EB2FC36BD4639097A2F9BB68C825604 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
15:40:07.0428 3360 aswSnx - ok
15:40:07.0459 3360 [ AB1403AF5CC781D5148096216DA3A2A3 ] aswSP C:\Windows\system32\drivers\aswSP.sys
15:40:07.0521 3360 aswSP - ok
15:40:07.0537 3360 [ 6A2D4BB9DDAA7D74839936403BB31F06 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
15:40:07.0599 3360 aswTdi - ok
15:40:07.0615 3360 [ 0A83FFF1AEF6113EF8DCBB32D5014AB1 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
15:40:07.0677 3360 aswVmm - ok
15:40:07.0693 3360 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:07.0771 3360 AsyncMac - ok
15:40:07.0818 3360 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:40:07.0833 3360 atapi - ok
15:40:07.0927 3360 [ DE9FB3DADE8FD39AE2C587DF22D36B8E ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:40:08.0036 3360 athr - ok
15:40:08.0067 3360 [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:40:08.0130 3360 AtiHDAudioService - ok
15:40:08.0176 3360 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:40:08.0254 3360 AudioEndpointBuilder - ok
15:40:08.0270 3360 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:40:08.0364 3360 AudioSrv - ok
15:40:08.0426 3360 [ AEF6E1DE647339C4990586D1DE427BBB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:40:08.0504 3360 avast! Antivirus - ok
15:40:08.0535 3360 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:40:08.0598 3360 AxInstSV - ok
15:40:08.0629 3360 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:40:08.0722 3360 b06bdrv - ok
15:40:08.0769 3360 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:40:08.0832 3360 b57nd60a - ok
15:40:08.0878 3360 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:40:08.0972 3360 BDESVC - ok
15:40:08.0988 3360 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:40:09.0081 3360 Beep - ok
15:40:09.0128 3360 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:40:09.0222 3360 BFE - ok
15:40:09.0300 3360 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
15:40:09.0409 3360 BITS - ok
15:40:09.0424 3360 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:40:09.0456 3360 blbdrive - ok
15:40:09.0487 3360 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:40:09.0565 3360 bowser - ok
15:40:09.0596 3360 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:40:09.0627 3360 BrFiltLo - ok
15:40:09.0643 3360 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:40:09.0690 3360 BrFiltUp - ok
15:40:09.0705 3360 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:40:09.0768 3360 BridgeMP - ok
15:40:09.0814 3360 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:40:09.0846 3360 Browser - ok
15:40:09.0861 3360 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:40:09.0955 3360 Brserid - ok
15:40:09.0970 3360 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:10.0033 3360 BrSerWdm - ok
15:40:10.0048 3360 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:10.0111 3360 BrUsbMdm - ok
15:40:10.0142 3360 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:10.0173 3360 BrUsbSer - ok
15:40:10.0189 3360 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:40:10.0236 3360 BTHMODEM - ok
15:40:10.0267 3360 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:40:10.0360 3360 bthserv - ok
15:40:10.0392 3360 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:40:10.0470 3360 cdfs - ok
15:40:10.0501 3360 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:40:10.0563 3360 cdrom - ok
15:40:10.0579 3360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:40:10.0688 3360 CertPropSvc - ok
15:40:10.0704 3360 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:40:10.0766 3360 circlass - ok
15:40:10.0797 3360 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:40:10.0828 3360 CLFS - ok
15:40:10.0906 3360 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:10.0953 3360 clr_optimization_v2.0.50727_32 - ok
15:40:11.0031 3360 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:11.0078 3360 clr_optimization_v2.0.50727_64 - ok
15:40:11.0109 3360 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:40:11.0156 3360 CmBatt - ok
15:40:11.0187 3360 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:40:11.0218 3360 cmdide - ok
15:40:11.0265 3360 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:40:11.0328 3360 CNG - ok
15:40:11.0359 3360 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:40:11.0374 3360 Compbatt - ok
15:40:11.0390 3360 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:40:11.0452 3360 CompositeBus - ok
15:40:11.0452 3360 COMSysApp - ok
15:40:11.0499 3360 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:40:11.0515 3360 crcdisk - ok
15:40:11.0577 3360 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:40:11.0608 3360 CryptSvc - ok
15:40:11.0640 3360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:40:11.0733 3360 DcomLaunch - ok
15:40:11.0780 3360 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:40:11.0874 3360 defragsvc - ok
15:40:11.0905 3360 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:40:11.0998 3360 DfsC - ok
15:40:12.0045 3360 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:40:12.0201 3360 Dhcp - ok
15:40:12.0342 3360 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:40:12.0451 3360 discache - ok
15:40:12.0482 3360 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:40:12.0513 3360 Disk - ok
15:40:12.0529 3360 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:40:12.0591 3360 Dnscache - ok
15:40:12.0622 3360 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:40:12.0700 3360 dot3svc - ok
15:40:12.0716 3360 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:40:12.0825 3360 DPS - ok
15:40:12.0872 3360 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:40:12.0950 3360 drmkaud - ok
15:40:13.0028 3360 [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:40:13.0106 3360 DsiWMIService - ok
15:40:13.0153 3360 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:40:13.0200 3360 DXGKrnl - ok
15:40:13.0231 3360 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:40:13.0324 3360 EapHost - ok
15:40:13.0418 3360 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:40:13.0527 3360 ebdrv - ok
15:40:13.0574 3360 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:40:13.0605 3360 EFS - ok
15:40:13.0652 3360 [ 5332EC2BA1C112BD4BB1F38127848FEF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
15:40:13.0668 3360 EgisTec Ticket Service - ok
15:40:13.0746 3360 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:40:13.0855 3360 ehRecvr - ok
15:40:13.0886 3360 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:40:13.0917 3360 ehSched - ok
15:40:13.0964 3360 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:40:14.0011 3360 elxstor - ok
15:40:14.0089 3360 [ 76B978AD795A7E71C48390B000F6023F ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:40:14.0151 3360 ePowerSvc - ok
15:40:14.0167 3360 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:40:14.0229 3360 ErrDev - ok
15:40:14.0292 3360 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:40:14.0385 3360 EventSystem - ok
15:40:14.0401 3360 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:40:14.0479 3360 exfat - ok
15:40:14.0510 3360 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:40:14.0604 3360 fastfat - ok
15:40:14.0666 3360 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:40:14.0760 3360 Fax - ok
15:40:14.0791 3360 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:40:14.0838 3360 fdc - ok
15:40:14.0869 3360 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:40:14.0962 3360 fdPHost - ok
15:40:14.0962 3360 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:40:15.0056 3360 FDResPub - ok
15:40:15.0087 3360 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:40:15.0118 3360 FileInfo - ok
15:40:15.0134 3360 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:40:15.0212 3360 Filetrace - ok
15:40:15.0259 3360 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:40:15.0290 3360 FLEXnet Licensing Service - ok
15:40:15.0337 3360 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:40:15.0368 3360 flpydisk - ok
15:40:15.0384 3360 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:40:15.0415 3360 FltMgr - ok
15:40:15.0462 3360 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:40:15.0571 3360 FontCache - ok
15:40:15.0618 3360 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:15.0649 3360 FontCache3.0.0.0 - ok
15:40:15.0680 3360 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:40:15.0696 3360 FsDepends - ok
15:40:15.0742 3360 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:40:15.0758 3360 Fs_Rec - ok
15:40:15.0789 3360 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:40:15.0836 3360 fvevol - ok
15:40:15.0852 3360 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:40:15.0883 3360 gagp30kx - ok
15:40:15.0945 3360 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:40:15.0992 3360 GamesAppService - ok
15:40:16.0039 3360 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:40:16.0132 3360 gpsvc - ok
15:40:16.0179 3360 [ 32096F187020A54D29C95B3A1467D963 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:40:16.0226 3360 GREGService - ok
15:40:16.0273 3360 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:40:16.0351 3360 hcw85cir - ok
15:40:16.0382 3360 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:40:16.0444 3360 HdAudAddService - ok
15:40:16.0476 3360 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:40:16.0538 3360 HDAudBus - ok
15:40:16.0554 3360 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:40:16.0616 3360 HidBatt - ok
15:40:16.0663 3360 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:40:16.0741 3360 HidBth - ok
15:40:16.0756 3360 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:40:16.0803 3360 HidIr - ok
15:40:16.0834 3360 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:40:16.0928 3360 hidserv - ok
15:40:16.0959 3360 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:40:16.0990 3360 HidUsb - ok
15:40:17.0022 3360 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:40:17.0115 3360 hkmsvc - ok
15:40:17.0162 3360 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:40:17.0193 3360 HomeGroupListener - ok
15:40:17.0224 3360 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:40:17.0287 3360 HomeGroupProvider - ok
15:40:17.0302 3360 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:40:17.0334 3360 HpSAMD - ok
15:40:17.0396 3360 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:40:17.0505 3360 HTTP - ok
15:40:17.0536 3360 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:40:17.0552 3360 hwpolicy - ok
15:40:17.0583 3360 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:40:17.0614 3360 i8042prt - ok
15:40:17.0646 3360 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:40:17.0677 3360 iaStorV - ok
15:40:17.0739 3360 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:40:17.0786 3360 idsvc - ok
15:40:17.0802 3360 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:40:17.0833 3360 iirsp - ok
15:40:17.0895 3360 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:40:18.0004 3360 IKEEXT - ok
15:40:18.0098 3360 [ 718A4008EE5DA174400396B27509EF82 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:40:18.0223 3360 IntcAzAudAddService - ok
15:40:18.0254 3360 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:40:18.0270 3360 intelide - ok
15:40:18.0316 3360 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
15:40:18.0363 3360 intelppm - ok
15:40:18.0410 3360 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:40:18.0488 3360 IPBusEnum - ok
15:40:18.0504 3360 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:40:18.0566 3360 IpFilterDriver - ok
15:40:18.0597 3360 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:40:18.0691 3360 iphlpsvc - ok
15:40:18.0706 3360 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:40:18.0753 3360 IPMIDRV - ok
15:40:18.0800 3360 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:40:18.0894 3360 IPNAT - ok
15:40:18.0909 3360 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:40:18.0940 3360 IRENUM - ok
15:40:18.0987 3360 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:40:19.0003 3360 isapnp - ok
15:40:19.0034 3360 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:40:19.0081 3360 iScsiPrt - ok
15:40:19.0096 3360 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:40:19.0112 3360 kbdclass - ok
15:40:19.0143 3360 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:40:19.0190 3360 kbdhid - ok
15:40:19.0206 3360 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:40:19.0252 3360 KeyIso - ok
15:40:19.0284 3360 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:40:19.0315 3360 KSecDD - ok
15:40:19.0330 3360 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:40:19.0362 3360 KSecPkg - ok
15:40:19.0393 3360 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:40:19.0502 3360 ksthunk - ok
15:40:19.0564 3360 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:40:19.0674 3360 KtmRm - ok
15:40:19.0720 3360 [ 173666119D217E3739205C169E2BF0E5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
15:40:19.0767 3360 L1C - ok
15:40:19.0814 3360 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:40:19.0908 3360 LanmanServer - ok
15:40:19.0954 3360 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:40:20.0048 3360 LanmanWorkstation - ok
15:40:20.0126 3360 [ 6BB516A31DE232DAB436FF3A117E1E80 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:40:20.0173 3360 Live Updater Service - ok
15:40:20.0188 3360 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:40:20.0282 3360 lltdio - ok
15:40:20.0329 3360 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:40:20.0438 3360 lltdsvc - ok
15:40:20.0469 3360 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:40:20.0547 3360 lmhosts - ok
15:40:20.0563 3360 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:40:20.0594 3360 LSI_FC - ok
15:40:20.0625 3360 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:40:20.0656 3360 LSI_SAS - ok
15:40:20.0672 3360 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:40:20.0703 3360 LSI_SAS2 - ok
15:40:20.0719 3360 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:40:20.0750 3360 LSI_SCSI - ok
15:40:20.0766 3360 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:40:20.0875 3360 luafv - ok
15:40:20.0906 3360 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:40:20.0968 3360 Mcx2Svc - ok
15:40:21.0000 3360 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:40:21.0031 3360 megasas - ok
15:40:21.0062 3360 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:40:21.0093 3360 MegaSR - ok
15:40:21.0124 3360 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:40:21.0218 3360 MMCSS - ok
15:40:21.0249 3360 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:40:21.0343 3360 Modem - ok
15:40:21.0358 3360 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:40:21.0421 3360 monitor - ok
15:40:21.0452 3360 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:40:21.0468 3360 mouclass - ok
15:40:21.0499 3360 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:40:21.0546 3360 mouhid - ok
15:40:21.0577 3360 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:40:21.0608 3360 mountmgr - ok
15:40:21.0624 3360 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:40:21.0655 3360 mpio - ok
15:40:21.0670 3360 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:40:21.0748 3360 mpsdrv - ok
15:40:21.0780 3360 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:40:21.0904 3360 MpsSvc - ok
15:40:21.0936 3360 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:40:21.0982 3360 MRxDAV - ok
15:40:22.0045 3360 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:40:22.0123 3360 mrxsmb - ok
15:40:22.0154 3360 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:40:22.0185 3360 mrxsmb10 - ok
15:40:22.0201 3360 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:40:22.0248 3360 mrxsmb20 - ok
15:40:22.0294 3360 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:40:22.0310 3360 msahci - ok
15:40:22.0326 3360 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:40:22.0357 3360 msdsm - ok
15:40:22.0404 3360 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:40:22.0435 3360 MSDTC - ok
15:40:22.0513 3360 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:40:22.0591 3360 Msfs - ok
15:40:22.0638 3360 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:40:22.0731 3360 mshidkmdf - ok
15:40:22.0762 3360 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:40:22.0794 3360 msisadrv - ok
15:40:22.0825 3360 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:40:22.0903 3360 MSiSCSI - ok
15:40:22.0918 3360 msiserver - ok
15:40:22.0934 3360 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:40:23.0012 3360 MSKSSRV - ok
15:40:23.0043 3360 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:40:23.0137 3360 MSPCLOCK - ok
15:40:23.0152 3360 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:40:23.0246 3360 MSPQM - ok
15:40:23.0277 3360 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:40:23.0308 3360 MsRPC - ok
15:40:23.0340 3360 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:40:23.0371 3360 mssmbios - ok
15:40:23.0386 3360 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:40:23.0449 3360 MSTEE - ok
15:40:23.0480 3360 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:40:23.0511 3360 MTConfig - ok
15:40:23.0527 3360 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:40:23.0542 3360 Mup - ok
15:40:23.0558 3360 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:40:23.0620 3360 mwlPSDFilter - ok
15:40:23.0636 3360 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:40:23.0683 3360 mwlPSDNServ - ok
15:40:23.0714 3360 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:40:23.0761 3360 mwlPSDVDisk - ok
15:40:23.0792 3360 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:40:23.0901 3360 napagent - ok
15:40:23.0979 3360 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:40:24.0042 3360 NativeWifiP - ok
15:40:24.0088 3360 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:40:24.0135 3360 NDIS - ok
15:40:24.0166 3360 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:40:24.0260 3360 NdisCap - ok
15:40:24.0291 3360 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:40:24.0354 3360 NdisTapi - ok
15:40:24.0400 3360 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:40:24.0463 3360 Ndisuio - ok
15:40:24.0478 3360 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:24.0572 3360 NdisWan - ok
15:40:24.0603 3360 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:40:24.0681 3360 NDProxy - ok
15:40:24.0681 3360 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:40:24.0775 3360 NetBIOS - ok
15:40:24.0822 3360 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:40:24.0900 3360 NetBT - ok
15:40:24.0931 3360 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:40:24.0962 3360 Netlogon - ok
15:40:24.0993 3360 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:40:25.0071 3360 Netman - ok
15:40:25.0102 3360 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:40:25.0212 3360 netprofm - ok
15:40:25.0243 3360 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:40:25.0258 3360 NetTcpPortSharing - ok
15:40:25.0290 3360 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:40:25.0321 3360 nfrd960 - ok
15:40:25.0352 3360 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:40:25.0461 3360 NlaSvc - ok
15:40:25.0570 3360 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:40:25.0664 3360 NOBU - ok
15:40:25.0680 3360 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:40:25.0758 3360 Npfs - ok
15:40:25.0773 3360 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:40:25.0851 3360 nsi - ok
15:40:25.0882 3360 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:40:25.0976 3360 nsiproxy - ok
15:40:26.0054 3360 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:40:26.0116 3360 Ntfs - ok
15:40:26.0163 3360 [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:40:26.0194 3360 NTI IScheduleSvc - ok
15:40:26.0226 3360 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
15:40:26.0288 3360 NTIDrvr - ok
15:40:26.0304 3360 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:40:26.0366 3360 Null - ok
15:40:26.0397 3360 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:40:26.0428 3360 nvraid - ok
15:40:26.0444 3360 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:40:26.0475 3360 nvstor - ok
15:40:26.0491 3360 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:40:26.0522 3360 nv_agp - ok
15:40:26.0538 3360 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:40:26.0569 3360 ohci1394 - ok
15:40:26.0616 3360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:40:26.0662 3360 p2pimsvc - ok
15:40:26.0694 3360 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:40:26.0740 3360 p2psvc - ok
15:40:26.0772 3360 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:40:26.0803 3360 Parport - ok
15:40:26.0834 3360 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:40:26.0865 3360 partmgr - ok
15:40:26.0912 3360 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:40:26.0974 3360 PcaSvc - ok
15:40:27.0021 3360 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:40:27.0052 3360 pci - ok
15:40:27.0068 3360 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:40:27.0099 3360 pciide - ok
15:40:27.0115 3360 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:40:27.0146 3360 pcmcia - ok
15:40:27.0177 3360 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:40:27.0193 3360 pcw - ok
15:40:27.0240 3360 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:40:27.0364 3360 PEAUTH - ok
15:40:27.0489 3360 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:40:27.0552 3360 PerfHost - ok
15:40:27.0645 3360 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:40:27.0770 3360 pla - ok
15:40:27.0832 3360 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:40:27.0910 3360 PlugPlay - ok
15:40:27.0942 3360 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:40:28.0004 3360 PNRPAutoReg - ok
15:40:28.0035 3360 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:40:28.0082 3360 PNRPsvc - ok
15:40:28.0113 3360 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:40:28.0207 3360 PolicyAgent - ok
15:40:28.0254 3360 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:40:28.0363 3360 Power - ok
15:40:28.0394 3360 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:40:28.0519 3360 PptpMiniport - ok
15:40:28.0659 3360 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
15:40:28.0722 3360 PrintNotify ( UnsignedFile.Multi.Generic ) - warning
15:40:28.0722 3360 PrintNotify - detected UnsignedFile.Multi.Generic (1)
15:40:28.0768 3360 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:40:28.0831 3360 Processor - ok
15:40:28.0862 3360 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
15:40:28.0940 3360 ProfSvc - ok
15:40:28.0971 3360 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:40:29.0002 3360 ProtectedStorage - ok
15:40:29.0034 3360 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:40:29.0127 3360 Psched - ok
15:40:29.0158 3360 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:40:29.0236 3360 ql2300 - ok
15:40:29.0252 3360 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:40:29.0283 3360 ql40xx - ok
15:40:29.0314 3360 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:40:29.0361 3360 QWAVE - ok
15:40:29.0377 3360 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:40:29.0439 3360 QWAVEdrv - ok
15:40:29.0455 3360 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:40:29.0533 3360 RasAcd - ok
15:40:29.0564 3360 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:29.0642 3360 RasAgileVpn - ok
15:40:29.0689 3360 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:40:29.0798 3360 RasAuto - ok
15:40:29.0860 3360 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:29.0954 3360 Rasl2tp - ok
15:40:30.0001 3360 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:40:30.0079 3360 RasMan - ok
15:40:30.0094 3360 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:30.0188 3360 RasPppoe - ok
15:40:30.0219 3360 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:40:30.0297 3360 RasSstp - ok
15:40:30.0328 3360 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:40:30.0438 3360 rdbss - ok
15:40:30.0453 3360 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:40:30.0516 3360 rdpbus - ok
15:40:30.0516 3360 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:40:30.0609 3360 RDPCDD - ok
15:40:30.0656 3360 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:40:30.0718 3360 RDPENCDD - ok
15:40:30.0750 3360 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:40:30.0828 3360 RDPREFMP - ok
15:40:30.0859 3360 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:40:30.0906 3360 RDPWD - ok
15:40:30.0921 3360 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:40:30.0968 3360 rdyboost - ok
15:40:30.0999 3360 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:40:31.0093 3360 RemoteAccess - ok
15:40:31.0140 3360 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:40:31.0233 3360 RemoteRegistry - ok
15:40:31.0264 3360 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:40:31.0342 3360 RpcEptMapper - ok
15:40:31.0374 3360 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:40:31.0405 3360 RpcLocator - ok
15:40:31.0436 3360 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
15:40:31.0530 3360 RpcSs - ok
15:40:31.0545 3360 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:40:31.0623 3360 rspndr - ok
15:40:31.0654 3360 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
15:40:31.0717 3360 RSUSBSTOR - ok
15:40:31.0732 3360 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:40:31.0764 3360 SamSs - ok
15:40:31.0779 3360 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:40:31.0810 3360 sbp2port - ok
15:40:31.0857 3360 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:40:31.0935 3360 SCardSvr - ok
15:40:31.0966 3360 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:40:32.0060 3360 scfilter - ok
15:40:32.0107 3360 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:40:32.0200 3360 Schedule - ok
15:40:32.0232 3360 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:40:32.0310 3360 SCPolicySvc - ok
15:40:32.0325 3360 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:40:32.0403 3360 SDRSVC - ok
15:40:32.0419 3360 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:40:32.0528 3360 secdrv - ok
15:40:32.0559 3360 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:40:32.0637 3360 seclogon - ok
15:40:32.0653 3360 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:40:32.0746 3360 SENS - ok
15:40:32.0762 3360 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:40:32.0809 3360 SensrSvc - ok
15:40:32.0824 3360 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:40:32.0887 3360 Serenum - ok
15:40:32.0934 3360 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:40:32.0980 3360 Serial - ok
15:40:33.0012 3360 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:40:33.0058 3360 sermouse - ok
15:40:33.0121 3360 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:40:33.0214 3360 SessionEnv - ok
15:40:33.0246 3360 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:40:33.0292 3360 sffdisk - ok
15:40:33.0324 3360 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:40:33.0386 3360 sffp_mmc - ok
15:40:33.0386 3360 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:40:33.0433 3360 sffp_sd - ok
15:40:33.0464 3360 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:40:33.0495 3360 sfloppy - ok
15:40:33.0526 3360 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:40:33.0604 3360 SharedAccess - ok
15:40:33.0636 3360 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:40:33.0729 3360 ShellHWDetection - ok
15:40:33.0760 3360 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:40:33.0776 3360 SiSRaid2 - ok
15:40:33.0792 3360 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:40:33.0823 3360 SiSRaid4 - ok
15:40:33.0870 3360 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:40:33.0916 3360 SkypeUpdate - ok
15:40:33.0932 3360 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:40:33.0994 3360 Smb - ok
15:40:34.0041 3360 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:40:34.0104 3360 SNMPTRAP - ok
15:40:34.0119 3360 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:40:34.0150 3360 spldr - ok
15:40:34.0182 3360 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
15:40:34.0275 3360 Spooler - ok
15:40:34.0353 3360 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:40:34.0509 3360 sppsvc - ok
15:40:34.0556 3360 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:40:34.0634 3360 sppuinotify - ok
15:40:34.0665 3360 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:40:34.0712 3360 srv - ok
15:40:34.0743 3360 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:40:34.0790 3360 srv2 - ok
15:40:34.0806 3360 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:40:34.0868 3360 srvnet - ok
15:40:34.0915 3360 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:40:34.0993 3360 SSDPSRV - ok
15:40:35.0024 3360 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:40:35.0102 3360 SstpSvc - ok
15:40:35.0118 3360 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:40:35.0149 3360 stexstor - ok
15:40:35.0180 3360 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:40:35.0258 3360 stisvc - ok
15:40:35.0289 3360 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:40:35.0320 3360 swenum - ok
15:40:35.0352 3360 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:40:35.0461 3360 swprv - ok
15:40:35.0539 3360 [ BBA2EA927EC5CC5DEF5F1BF2B125C0F7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:40:35.0632 3360 SynTP - ok
15:40:35.0695 3360 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:40:35.0788 3360 SysMain - ok
15:40:35.0835 3360 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:40:35.0882 3360 TabletInputService - ok
15:40:35.0898 3360 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:40:35.0991 3360 TapiSrv - ok
15:40:36.0007 3360 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:40:36.0085 3360 TBS - ok
15:40:36.0147 3360 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:40:36.0225 3360 Tcpip - ok
15:40:36.0272 3360 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:40:36.0350 3360 TCPIP6 - ok
15:40:36.0381 3360 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:40:36.0459 3360 tcpipreg - ok
15:40:36.0506 3360 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:40:36.0537 3360 TDPIPE - ok
15:40:36.0568 3360 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:40:36.0631 3360 TDTCP - ok
15:40:36.0678 3360 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:40:36.0740 3360 tdx - ok
15:40:36.0771 3360 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:40:36.0787 3360 TermDD - ok
15:40:36.0849 3360 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:40:36.0927 3360 TermService - ok
15:40:36.0943 3360 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:40:36.0990 3360 Themes - ok
15:40:37.0005 3360 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:40:37.0083 3360 THREADORDER - ok
15:40:37.0130 3360 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:40:37.0224 3360 TrkWks - ok
15:40:37.0286 3360 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:40:37.0395 3360 TrustedInstaller - ok
15:40:37.0442 3360 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:40:37.0536 3360 tssecsrv - ok
15:40:37.0567 3360 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:40:37.0614 3360 TsUsbFlt - ok
15:40:37.0645 3360 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:40:37.0676 3360 TsUsbGD - ok
15:40:37.0676 3360 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:40:37.0785 3360 tunnel - ok
15:40:37.0816 3360 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:40:37.0848 3360 uagp35 - ok
15:40:37.0863 3360 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
15:40:37.0910 3360 UBHelper - ok
15:40:37.0926 3360 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:40:38.0035 3360 udfs - ok
15:40:38.0082 3360 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:40:38.0128 3360 UI0Detect - ok
15:40:38.0144 3360 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:40:38.0175 3360 uliagpkx - ok
15:40:38.0206 3360 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:40:38.0253 3360 umbus - ok
15:40:38.0269 3360 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:40:38.0331 3360 UmPass - ok
15:40:38.0362 3360 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:40:38.0456 3360 upnphost - ok
15:40:38.0487 3360 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:40:38.0534 3360 usbccgp - ok
15:40:38.0550 3360 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:40:38.0596 3360 usbcir - ok
15:40:38.0612 3360 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:40:38.0643 3360 usbehci - ok
15:40:38.0659 3360 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
15:40:38.0721 3360 usbfilter - ok
15:40:38.0737 3360 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:40:38.0768 3360 usbhub - ok
15:40:38.0784 3360 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:40:38.0862 3360 usbohci - ok
15:40:38.0893 3360 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
15:40:38.0940 3360 usbprint - ok
15:40:38.0971 3360 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:40:39.0033 3360 USBSTOR - ok
15:40:39.0049 3360 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:40:39.0111 3360 usbuhci - ok
15:40:39.0142 3360 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:40:39.0174 3360 usbvideo - ok
15:40:39.0205 3360 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:40:39.0314 3360 UxSms - ok
15:40:39.0345 3360 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:40:39.0376 3360 VaultSvc - ok
15:40:39.0392 3360 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:40:39.0423 3360 vdrvroot - ok
15:40:39.0454 3360 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:40:39.0548 3360 vds - ok
15:40:39.0610 3360 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:40:39.0642 3360 vga - ok
15:40:39.0657 3360 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:40:39.0751 3360 VgaSave - ok
15:40:39.0782 3360 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:40:39.0829 3360 vhdmp - ok
15:40:39.0844 3360 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:40:39.0876 3360 viaide - ok
15:40:39.0891 3360 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:40:39.0907 3360 volmgr - ok
15:40:39.0938 3360 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:40:39.0985 3360 volmgrx - ok
15:40:40.0000 3360 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:40:40.0032 3360 volsnap - ok
15:40:40.0063 3360 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:40:40.0094 3360 vsmraid - ok
15:40:40.0156 3360 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:40:40.0266 3360 VSS - ok
15:40:40.0297 3360 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:40:40.0328 3360 vwifibus - ok
15:40:40.0359 3360 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:40:40.0422 3360 vwififlt - ok
15:40:40.0453 3360 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:40:40.0546 3360 W32Time - ok
15:40:40.0578 3360 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:40:40.0624 3360 WacomPen - ok
15:40:40.0656 3360 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:40:40.0749 3360 WANARP - ok
15:40:40.0765 3360 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:40:40.0827 3360 Wanarpv6 - ok
15:40:40.0905 3360 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:40:40.0968 3360 WatAdminSvc - ok
15:40:41.0014 3360 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:40:41.0108 3360 wbengine - ok
15:40:41.0155 3360 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:40:41.0202 3360 WbioSrvc - ok
15:40:41.0233 3360 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:40:41.0326 3360 wcncsvc - ok
15:40:41.0358 3360 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:40:41.0404 3360 WcsPlugInService - ok
15:40:41.0436 3360 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:40:41.0467 3360 Wd - ok
15:40:41.0498 3360 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:40:41.0529 3360 Wdf01000 - ok
15:40:41.0576 3360 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:40:41.0670 3360 WdiServiceHost - ok
15:40:41.0685 3360 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:40:41.0732 3360 WdiSystemHost - ok
15:40:41.0763 3360 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:40:41.0841 3360 WebClient - ok
15:40:41.0872 3360 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:40:41.0950 3360 Wecsvc - ok
15:40:41.0982 3360 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:40:42.0060 3360 wercplsupport - ok
15:40:42.0091 3360 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:40:42.0184 3360 WerSvc - ok
15:40:42.0216 3360 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:40:42.0294 3360 WfpLwf - ok
15:40:42.0309 3360 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:40:42.0340 3360 WIMMount - ok
15:40:42.0356 3360 WinDefend - ok
15:40:42.0372 3360 WinHttpAutoProxySvc - ok
15:40:42.0434 3360 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:40:42.0528 3360 Winmgmt - ok
15:40:42.0606 3360 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:40:42.0715 3360 WinRM - ok
15:40:42.0777 3360 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:40:42.0886 3360 Wlansvc - ok
15:40:42.0949 3360 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:40:42.0996 3360 wlcrasvc - ok
15:40:43.0089 3360 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:40:43.0167 3360 wlidsvc - ok
15:40:43.0198 3360 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:40:43.0261 3360 WmiAcpi - ok
15:40:43.0292 3360 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:40:43.0354 3360 wmiApSrv - ok
15:40:43.0386 3360 WMPNetworkSvc - ok
15:40:43.0417 3360 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:40:43.0464 3360 WPCSvc - ok
15:40:43.0479 3360 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:40:43.0526 3360 WPDBusEnum - ok
15:40:43.0557 3360 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:40:43.0635 3360 ws2ifsl - ok
15:40:43.0666 3360 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:40:43.0713 3360 wscsvc - ok
15:40:43.0729 3360 WSearch - ok
15:40:43.0838 3360 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:40:43.0932 3360 wuauserv - ok
15:40:43.0947 3360 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:40:44.0056 3360 WudfPf - ok
15:40:44.0088 3360 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:40:44.0166 3360 WUDFRd - ok
15:40:44.0197 3360 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:40:44.0275 3360 wudfsvc - ok
15:40:44.0290 3360 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:40:44.0368 3360 WwanSvc - ok
15:40:44.0524 3360 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:40:44.0587 3360 YahooAUService - ok
15:40:44.0602 3360 ================ Scan global ===============================
15:40:44.0634 3360 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:40:44.0665 3360 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:40:44.0680 3360 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:40:44.0712 3360 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:40:44.0743 3360 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:40:44.0758 3360 [Global] - ok
15:40:44.0758 3360 ================ Scan MBR ==================================
15:40:44.0774 3360 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:40:45.0382 3360 \Device\Harddisk0\DR0 - ok
15:40:45.0398 3360 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR2
15:40:45.0632 3360 \Device\Harddisk1\DR2 - ok
15:40:45.0632 3360 ================ Scan VBR ==================================
15:40:45.0663 3360 [ D0D2265E9C95F0D9447C50A4349DA611 ] \Device\Harddisk0\DR0\Partition1
15:40:45.0663 3360 \Device\Harddisk0\DR0\Partition1 - ok
15:40:45.0679 3360 [ A84177ECB10B990EA10DB2F5D57E102C ] \Device\Harddisk0\DR0\Partition2
15:40:45.0694 3360 \Device\Harddisk0\DR0\Partition2 - ok
15:40:45.0710 3360 [ 527089958D5BC76AE515E32D976B7917 ] \Device\Harddisk1\DR2\Partition1
15:40:45.0710 3360 \Device\Harddisk1\DR2\Partition1 - ok
15:40:45.0710 3360 ============================================================
15:40:45.0710 3360 Scan finished
15:40:45.0710 3360 ============================================================
15:40:45.0726 0844 Detected object count: 1
15:40:45.0726 0844 Actual detected object count: 1
15:41:13.0447 0844 PrintNotify ( UnsignedFile.Multi.Generic ) - skipped by user
15:41:13.0447 0844 PrintNotify ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:41:27.0924 0736 Deinitialize success




Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.06.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gary :: GARY-PC [administrator]

3/6/2013 3:51:41 PM
mbam-log-2013-03-06 (15-51-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205172
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




OTL logfile created on: 06/03/2013 4:45:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gary\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.73 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 73.48% Memory free
7.46 Gb Paging File | 6.36 Gb Available in Paging File | 85.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 404.41 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 2.15 Gb Free Space | 28.89% Space Free | Partition Type: FAT32

Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/05 21:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
PRC - [2013/02/28 00:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 00:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/29 05:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/01/05 13:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 13:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/10/28 14:04:56 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/10/28 14:04:54 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/10/27 10:02:12 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/06/30 18:51:12 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 18:51:12 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/06/30 18:51:10 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/06/30 18:51:10 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/01/05 13:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011/10/28 14:04:54 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/10/28 14:04:54 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/28 00:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/11/05 23:36:56 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/02/07 16:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/05/24 07:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/05 23:36:56 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/18 13:20:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/22 09:15:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/29 05:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/01/05 13:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/06/30 18:51:10 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 11:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/28 00:36:34 | 000,177,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/02/28 00:36:34 | 000,068,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/02/28 00:36:33 | 001,025,880 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/02/28 00:36:33 | 000,377,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/02/28 00:36:33 | 000,071,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/02/28 00:36:33 | 000,065,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/02/28 00:36:32 | 000,080,888 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/02/28 00:36:31 | 000,033,472 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/22 14:28:35 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/03/22 14:28:35 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/03/22 14:28:35 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/06 22:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012/02/06 22:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/07/13 21:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 21:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/01 19:37:32 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/24 08:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/24 06:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/29 22:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/27 19:44:46 | 001,417,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/22 18:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/12/01 00:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/28 12:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore


O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{414415B7-2DB5-4790-BD66-82559FA53800}: DhcpNameServer = 71.252.0.12 71.242.0.12
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^Users^Gary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe - ()

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS -
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/03/06 15:44:45 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
[2013/03/06 15:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/06 15:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/06 15:44:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/06 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/06 15:44:12 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Programs
[2013/03/06 15:42:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/06 15:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/06 15:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/06 15:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/06 15:14:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/06 15:14:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/06 14:59:21 | 000,354,265 | ---- | C] (Farbar) -- C:\Users\Gary\Desktop\FSS.exe
[2013/03/06 14:56:57 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Gary\Desktop\mbam-setup-1.70.0.1100.exe
[2013/03/06 14:55:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gary\Desktop\tdsskiller.exe
[2013/03/06 14:55:14 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2013/03/06 14:54:33 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Gary\Desktop\aswMBR.exe
[2013/03/06 13:10:24 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\ElevatedDiagnostics
[2013/03/06 08:26:18 | 002,205,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PrintConfig.dll
[2013/03/05 21:05:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2013/03/05 20:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/05 20:14:58 | 000,377,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/05 20:14:58 | 000,033,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/05 20:14:54 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/05 20:14:53 | 000,068,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/05 20:14:52 | 001,025,880 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/05 20:14:41 | 000,080,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/05 20:14:40 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/03/05 20:13:55 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/05 20:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/05 20:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/05 20:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2013/03/05 20:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareGuard
[2013/03/05 19:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/03/05 19:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/03/05 19:59:51 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013/03/05 19:59:51 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2013/03/05 19:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/03/05 19:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/05 19:30:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/17 10:35:42 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\PowerCinema

========== Files - Modified Within 30 Days ==========

[2013/03/06 16:27:38 | 000,061,440 | ---- | M] ( ) -- C:\Users\Gary\Desktop\VEW.exe
[2013/03/06 16:25:36 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 16:25:36 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 16:17:57 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013/03/06 16:17:53 | 3002,519,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 15:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/06 15:08:13 | 000,000,512 | ---- | M] () -- C:\Users\Gary\Desktop\MBR.dat
[2013/03/06 14:59:18 | 000,354,265 | ---- | M] (Farbar) -- C:\Users\Gary\Desktop\FSS.exe
[2013/03/06 14:57:30 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Gary\Desktop\mbam-setup-1.70.0.1100.exe
[2013/03/06 14:55:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gary\Desktop\tdsskiller.exe
[2013/03/06 14:55:52 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Gary\Desktop\aswMBR.exe
[2013/03/06 14:55:32 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2013/03/06 13:51:20 | 000,021,460 | ---- | M] () -- C:\Users\Gary\Documents\cc_20130306_135059.reg
[2013/03/06 09:32:47 | 000,013,730 | ---- | M] () -- C:\Users\Gary\Desktop\ccleaner - Shortcut.lnk
[2013/03/06 07:49:08 | 000,597,667 | ---- | M] () -- C:\Users\Gary\Desktop\adwcleaner.exe
[2013/03/05 21:05:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2013/03/05 20:14:59 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/05 20:14:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/05 20:07:39 | 000,000,991 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2013/03/05 19:59:12 | 000,004,032 | ---- | M] () -- C:\Users\Gary\Documents\cc_20130305_195906.reg
[2013/03/05 19:30:02 | 000,468,046 | ---- | M] () -- C:\Users\Gary\Documents\cc_20130305_192927.reg
[2013/03/05 19:23:02 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/05 19:23:02 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/05 19:23:02 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/28 00:36:34 | 000,177,672 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/02/28 00:36:34 | 000,068,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/28 00:36:33 | 001,025,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/28 00:36:33 | 000,377,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/28 00:36:33 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/28 00:36:33 | 000,065,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/02/28 00:36:32 | 000,080,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/28 00:36:31 | 000,033,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/28 00:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/28 00:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/03/06 16:27:45 | 000,061,440 | ---- | C] ( ) -- C:\Users\Gary\Desktop\VEW.exe
[2013/03/06 15:14:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/06 15:14:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/06 15:14:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/06 15:14:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/06 15:14:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/06 15:08:13 | 000,000,512 | ---- | C] () -- C:\Users\Gary\Desktop\MBR.dat
[2013/03/06 13:51:16 | 000,021,460 | ---- | C] () -- C:\Users\Gary\Documents\cc_20130306_135059.reg
[2013/03/06 09:32:47 | 000,013,730 | ---- | C] () -- C:\Users\Gary\Desktop\ccleaner - Shortcut.lnk
[2013/03/06 07:49:12 | 000,597,667 | ---- | C] () -- C:\Users\Gary\Desktop\adwcleaner.exe
[2013/03/05 20:14:59 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/05 20:14:50 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/05 20:14:47 | 000,065,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/05 20:14:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/03/05 20:07:39 | 000,000,991 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2013/03/05 19:59:08 | 000,004,032 | ---- | C] () -- C:\Users\Gary\Documents\cc_20130305_195906.reg
[2013/03/05 19:29:32 | 000,468,046 | ---- | C] () -- C:\Users\Gary\Documents\cc_20130305_192927.reg
[2012/08/18 13:21:04 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/22 09:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/22 13:59:02 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/03/22 13:58:02 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Error accessing drive info (0)
Error accessing drive info (0)

Partitions
---------------

Error accessing partition info (0)
Error accessing partition info (0)

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/10/29 14:34:11 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Adobe
[2013/02/02 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Apple Computer
[2012/10/29 16:08:20 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/07/02 06:42:57 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\CyberLink
[2012/07/02 06:46:51 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Identities
[2012/03/22 14:40:31 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Macromedia
[2013/03/06 15:44:45 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
[2010/11/20 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Media Center Programs
[2013/03/06 15:10:53 | 000,000,000 | --SD | M] -- C:\Users\Gary\AppData\Roaming\Microsoft
[2012/07/18 23:53:31 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\PopCapv1000
[2013/02/17 10:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\PowerCinema
[2012/10/27 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Skype
[2012/08/18 13:23:41 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 17:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 17:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/07/13 21:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/13 21:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/07/13 21:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/13 21:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/13 21:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 19:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/13 21:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/13 21:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 19:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 19:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010/11/20 19:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 19:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 19:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010/11/20 19:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 19:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 17:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 17:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 17:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 17:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2010/11/20 19:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010/11/20 19:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 19:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\SysNative\nlaapi.dll
[2010/11/20 19:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 17:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 17:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 17:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 17:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 17:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 17:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 19:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 19:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 19:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 19:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 19:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 19:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 19:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 19:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 19:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 17:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 17:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 17:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 17:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 17:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 17:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 17:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 17:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/21 01:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/21 01:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/21 01:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 18:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/11/13 18:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/21 01:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/21 01:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/21 01:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 18:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/11/13 18:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >





OTL Extras logfile created on: 06/03/2013 4:45:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gary\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.73 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 73.48% Memory free
7.46 Gb Paging File | 6.36 Gb Available in Paging File | 85.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 404.41 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 2.15 Gb Free Space | 28.89% Space Free | Partition Type: FAT32

Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBD75E9-7632-4AA5-A0ED-2696BCBFC74D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{112DBF53-7D1C-4AFA-981F-335CB3776FB2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{219827B1-BAFE-4401-A79A-A0EAFFA0609C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23E0D080-FCE4-4E9D-9E53-62C91C340887}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C659D91-4142-4FA9-9B45-A064030584AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{302C6BDD-DF85-4177-8132-8DDFF686EA89}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50E2FBC0-A902-43AB-B9F3-E87C3CD506CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{72E5DF05-B825-4642-B171-02FC2A0091C0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{76CF80A6-4011-4DA7-973C-527C2AFC3F0C}" = lport=445 | protocol=6 | dir=in | app=system |
"{8504ABC7-B7D9-4140-8CE1-4DBF238233F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D5FED0E-7252-49D9-A11E-32AA8C1C133F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{91905852-ABF4-4E78-9459-57A843149CA6}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B21948A-99BC-4CCA-A69A-FE4B0C9A0609}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A474ECF4-D2A2-4704-A43E-A4365C7B2EBB}" = rport=139 | protocol=6 | dir=out | app=system |
"{B0AB4842-A1EB-4D17-855E-0D6AAC736413}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B63EA53B-3BB8-49FE-9447-D44AF2654665}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7821FDD-B919-45D4-BFC2-4370FABF09B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5CE94D2-8E31-49BA-8F27-E323C7DD5D69}" = lport=138 | protocol=17 | dir=in | app=system |
"{CE789EAD-F341-4D59-B1F4-806089B5EC98}" = rport=445 | protocol=6 | dir=out | app=system |
"{CF0AAF0D-9A16-4072-B0A1-65E583B64359}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DE3C15AD-4EF8-4547-B468-4A15AA2069CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{DF525B70-0295-4F96-82F0-E7541FD86DBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F654CAE7-04EE-4167-8F8C-9FCC92D62E20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00762055-91B0-4CFD-ACC8-85B43D8A64F2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{05E65472-8B62-4B47-A018-E2C4484FC22E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08309F21-3406-4434-ADC6-C929D6E4210A}" = protocol=58 | dir=out | [email protected],-28546 |
"{091CC903-4328-4F5F-81F5-FD48E25BE198}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{1AAA878C-665A-494F-B11C-966A9313ECA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C59B436-0F81-4005-9A06-3F0D20D40C9E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C749503-660A-4244-8D5A-70B64D576AA3}" = protocol=58 | dir=in | [email protected],-28545 |
"{21F7D6D0-7E73-4B8B-9454-B6FFA5E15EA6}" = protocol=1 | dir=out | [email protected],-28544 |
"{264589DE-5163-4457-B0AC-CE0EE9ACE0ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B6BC904-F4FB-43CA-BF74-B8068567EC6B}" = protocol=6 | dir=out | app=system |
"{4BA20BE9-9011-456A-A945-3EC7D2648CAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51570860-846F-4CD0-9D8D-3BEFC86C4A50}" = protocol=1 | dir=in | [email protected],-28543 |
"{53ADE81C-D74C-4496-8066-F93F6C883879}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{5A37C450-40D8-4322-B454-F54AEB3B2176}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5F13F879-DDF8-4B29-8EAF-619EAE43DD91}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{698F9CE6-1F78-4E98-A59A-367DCD0B3D25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{831F97C5-809A-4E9D-A220-2CD148A3256A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{84112C06-39C1-4C1D-B4DB-35627D57956A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89C77CC4-6766-481A-A704-4990B66166E3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{92C32268-07C4-49B2-BA1C-AC400FFBE23B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A3ECFD9B-E1E7-4CB1-B24E-08801FC6485B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{B0FECBF7-427F-4F63-813C-6AF5708D64E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2884CBF-F897-42A1-8550-413DF3EF68BD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C40A7BCA-B416-408E-989B-CAA05E31631F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CC4A4C31-FEB1-4CD7-B526-5A61CEA88228}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{D1578FB4-4728-452E-907D-5D89C6968032}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E1859B47-2914-4124-8415-71621C132A18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2D455F5-045D-457F-899C-8B63F5BA3C4A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3C562F9-B7A2-40D7-925E-CB212FE1F204}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6A4E5FB-938C-4644-8E39-53CC939A9BE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBEFA5E6-575B-4F8B-9642-D7A7A38BCA8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2E12FEB9-11CD-5B44-D51B-0837225A6594}" = AMD Media Foundation Decoders
"{3605D89A-BD66-F5C5-779B-BE9110B41077}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{85FF8CA9-FF07-9E8D-DC2A-05CE786C5646}" = ccc-utility64
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{11C8528F-630F-1BDF-5208-0E1E665EAEC7}" = Catalyst Control Center InstallProxy
"{122B1825-3F1E-F7AA-157C-033A5286339B}" = Catalyst Control Center Localization All
"{1398F892-730D-C334-E7F1-5584F73F3D9F}" = CCC Help Hungarian
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2312197F-544A-0DE9-7E78-2D7BD9C755DE}" = CCC Help Chinese Traditional
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{386AEEC9-0994-0491-E3A8-ECCEB98B693C}" = CCC Help Czech
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3A961DEF-D492-D159-05E7-AFEBD23B1443}" = CCC Help Thai
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4686B678-6E39-CBB0-D2AD-753768D9482C}" = Catalyst Control Center Graphics Previews Common
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4FEB120F-8FAE-C079-F90E-69DDDFE5F24A}" = CCC Help Portuguese
"{5327C3B7-A2BD-DFF9-9AAA-6B25C205A11B}" = CCC Help Finnish
"{56757C8E-7CD5-70F7-7F70-DED7C0290F17}" = CCC Help Russian
"{570D8D7F-9609-753D-D0B2-7057966D7792}" = Zoosk Messenger
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62056544-7C76-36A4-72A2-EE64F1C659E6}" = CCC Help French
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7893F1F4-1A7A-7761-A15B-16248A91F14A}" = CCC Help Polish
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8356465E-39A3-B863-E66D-79BC03B37879}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85905B8F-7C26-A6E2-6FE4-AA891ADF474A}" = CCC Help Danish
"{89EA0D8A-5115-CB48-4B5A-91F8A2A07CB4}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A2BDD89-D2A9-70F1-0F9F-5511B4035F4E}" = CCC Help Italian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987FD645-B12E-BCE0-723F-D99EAB70EE0B}" = AMD VISION Engine Control Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D67169F-A1FD-18D3-C503-69E0B6E7BD09}" = CCC Help Spanish
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A54C3171-046D-9C8F-EEBA-D78A5927156A}" = CCC Help Korean
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1958B6-C964-BAE1-259C-DB4239BCEEFC}" = CCC Help German
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B51B7CE6-1BFF-1E08-FAE3-75AD36B9A399}" = CCC Help Japanese
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0B83E1B-9DDD-B169-BFA9-DF46CAB9D528}" = CCC Help Chinese Standard
"{D20EB399-E879-EB25-F5B2-1CBCBE8B27AB}" = CCC Help Turkish
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA188C57-85BA-0AB4-D11B-2892B79EDF4D}" = CCC Help Dutch
"{EDCF6C26-F42B-EEE7-C42F-C5DD7509C1EA}" = CCC Help Norwegian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2207310-FE8E-CB9D-C44C-3042F966CDAD}" = CCC Help Greek
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FCDB0EF3-673C-FDCE-6498-750F51391660}" = Fooz Kids
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"egames" = eGames Toolbar
"egamestoolbar" = eGames Toolbar
"Escape Whisper Valley" = Escape Whisper Valley
"FoozKids" = Fooz Kids
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"PCHealthBoost" = PCHealthBoost 2.2.3
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SpywareGuard_is1" = SpywareGuard v2.2
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-01af0503-8643-4388-9745-ded677d49c32" = FATE
"WTA-0c28b554-d859-4417-9a6d-5be11f505435" = Chuzzle Deluxe
"WTA-127429c1-8bb3-4f8b-8ab1-bc11e85226c4" = Jewel Match 3
"WTA-22452945-1d38-48c7-a3f5-b4cb73165bc5" = Bejeweled 3
"WTA-303f32b5-fbd0-43af-9378-49761668588b" = Virtual Villagers 5 - New Believers
"WTA-60d7f65b-79f9-468a-9ccc-f3d882c0153c" = Chronicles of Albian
"WTA-8123cd0c-53ed-4b0f-ae6e-9d91ed1153ea" = Final Drive: Nitro
"WTA-8d3bce74-feb3-4c50-b523-871464db0d8d" = Zuma's Revenge
"WTA-9b831695-c453-43ae-ac88-507b4c11f0c7" = Tales of Lagoona
"WTA-ac293e74-f167-468c-9ae2-c18f095378a2" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-ad759230-6e23-4797-bd34-57aefaf7e9bb" = Plants vs. Zombies - Game of the Year
"WTA-affe23db-168e-4450-907b-fcc7473fb41e" = Dora's World Adventure
"WTA-b66138b0-de27-4843-8189-eb0bd7b4a35a" = Polar Golfer
"WTA-c139e9c2-c255-4ab2-8aae-2dffd622b2a4" = Cradle of Rome 2
"WTA-c1d0e4f0-ffe8-48f8-b3c5-b1f2e5dda3b4" = Agatha Christie - Death on the Nile
"WTA-c9f67d17-e42a-4d5f-8453-a672ddc99fec" = Penguins!
"WTA-ca58d81d-2589-4027-b472-5eba232d2a2e" = Torchlight
"WTA-d0894171-c73a-4d99-8737-ea266deda501" = Polar Bowler
"WTA-ed275611-c1bd-4ab6-8370-4a67a1a26d90" = Governor of Poker 2 Premium Edition
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"4 Elements" = 4 Elements
"Drop!" = Drop!
"The Lost Inca Prophecy" = The Lost Inca Prophecy

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/03/2013 8:18:54 PM | Computer Name = Gary-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ePowerTray.exe, version: 6.0.3010.0, time
stamp: 0x4f30f0a8 Faulting module name: ePowerTray.exe, version: 6.0.3010.0, time
stamp: 0x4f30f0a8 Exception code: 0xc0000005 Fault offset: 0x0000000000012049 Faulting
process id: 0xe24 Faulting application start time: 0x01ce1ac95780e01a Faulting application
path: C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe Faulting module
path: C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe Report Id: 97df8b90-86bc-11e2-846b-e840f2afb577

Error - 06/03/2013 8:19:42 PM | Computer Name = Gary-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/03/2013 8:20:33 PM | Computer Name = Gary-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

[ Media Center Events ]
Error - 24/02/2013 11:03:31 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 7:03:31 AM - Error connecting to the internet. 7:03:31 AM - Unable
to contact server..

Error - 25/02/2013 9:27:55 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 5:27:55 AM - Error connecting to the internet. 5:27:55 AM - Unable
to contact server..

Error - 26/02/2013 8:45:00 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 4:45:00 AM - Error connecting to the internet. 4:45:00 AM - Unable
to contact server..

Error - 27/02/2013 6:42:43 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 2:42:42 AM - Error connecting to the internet. 2:42:43 AM - Unable
to contact server..

Error - 28/02/2013 11:57:21 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 7:57:21 AM - Error connecting to the internet. 7:57:21 AM - Unable
to contact server..

Error - 01/03/2013 11:52:52 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 7:52:52 AM - Error connecting to the internet. 7:52:52 AM - Unable
to contact server..

Error - 02/03/2013 8:09:25 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 4:09:25 AM - Error connecting to the internet. 4:09:25 AM - Unable
to contact server..

Error - 04/03/2013 3:25:45 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 11:25:45 PM - Error connecting to the internet. 11:25:45 PM - Unable
to contact server..

Error - 05/03/2013 4:12:47 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 12:12:47 PM - Error connecting to the internet. 12:12:47 PM - Unable
to contact server..

Error - 06/03/2013 11:48:20 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = 7:48:20 AM - Error connecting to the internet. 7:48:20 AM - Unable
to contact server..

[ System Events ]
Error - 06/03/2013 8:17:09 PM | Computer Name = Gary-PC | Source = DCOM | ID = 10010
Description =

Error - 06/03/2013 8:18:21 PM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Skype
Updater service to connect.

Error - 06/03/2013 8:18:22 PM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Yahoo!
Updater service to connect.

Error - 06/03/2013 8:18:22 PM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7000
Description = The Yahoo! Updater service failed to start due to the following error:
%%1053


< End of report >





Farbar Service Scanner Version: 03-03-2013
Ran by Gary (administrator) on 06-03-2013 at 17:11:31
Running from "C:\Users\Gary\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#8
RKinner
Posted 06 March 2013 - 06:33 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
The error you got with VEW is usually caused by forgetting to right click and Run As Admin. Try again.

I don't see any malware so I think you'll be good to go unless VEW shows something broken.

Let's clean up some deadwood:


Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\03062013-some number.log so look there if you don't see it.

Your Adobe Reader is out of date. It should be version XI not X. Uninstall Adobe Reader X (10.1.6) MUI and then go to Adobe.com and get the latest version of Reader. Note that they will try and foist some extra stuff on you such as a toolbar or security scan. Uncheck the foistware before you finish the download.
  • 0

#9
honeybear2002
Posted 21 March 2013 - 08:15 PM

honeybear2002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Sorry I haven't gotten back on here in a few days - between ear infections in 3 of my 4 kids and homeschooling and daily life, the computer took a backseat! I ran the fix you posted, here is the OTL log:

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/SAFFPlugin\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\ not found.
File C:\Program Files (x86)\McAfee\SiteAdvisor not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\ not found.
File C:\Program Files (x86)\Common Files\McAfee\SystemCore not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gary
->Flash cache emptied: 566 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb




[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gary

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03212013_215214



I again tried running VEW.exe as administrator but to no avail - it is still giving me the same error message as before. I am updating the Adobe program now. The last time I was on this computer, I got a blue screen and when the system restarted I saved the error information, which you will find copied below.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 116
BCP1: FFFFFA80055C54E0
BCP2: FFFFF88003FB4A1C
BCP3: 0000000000000000
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\030613-27393-01.dmp
C:\Users\Gary\AppData\Local\Temp\WER-63539-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


Is this an indication of a separate problem? You have been such a help and I really appreciate your taking the time to answer my questions!
Melissa

Edited by honeybear2002, 21 March 2013 - 10:23 PM.

  • 0

#10
RKinner
Posted 21 March 2013 - 10:49 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
116 is a graphics error of some sort. Make sure your display adapter has the latest driver and that you haven't changed the defaults.

VEW should work if you right click on it and Run As Admin. Being logged in as Admin is not enough.
  • 0

Advertisements

#11
honeybear2002
Posted 22 March 2013 - 05:51 AM

honeybear2002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
When I right click and run as administrator, I still get the error message, but I went searching for the .txt file anyway and this is the VEW.txt file's contents:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/03/2013 7:49:04 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




As you can see it is empty, so I'm assuming that's a good thing? thanks again!
melissa
  • 0

#12
RKinner
Posted 22 March 2013 - 09:06 AM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
For your BSOD:

Get Whocrashed from http://www.resplende...rashedSetup.exe

Download, Save and then run by Right clicking and Run As Admin. After it installs, Launch the Program. Click on Analyze! then File, Export. This should create a report called WhoCrashedOutput.htm. Attach it to your next post. (If it won't let you attach it then change the .htm to .txt and then attach it.)

Let's run DDS. It will give me some of the same info that VEW would give if it worked:

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
  • 0

#13
honeybear2002
Posted 22 March 2013 - 12:41 PM

honeybear2002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ok, here are the dds files. dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Gary at 14:30:54 on 2013-03-22
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 71.252.0.12 71.242.0.12
TCP: Interfaces\{414415B7-2DB5-4790-BD66-82559FA53800} : DHCPNameServer = 71.252.0.12 71.242.0.12
Handler: cdl - <Clsid value has no data>
Handler: file - <Clsid value has no data>
Handler: ftp - <Clsid value has no data>
Handler: https - <Clsid value has no data>
Handler: javascript - <Clsid value has no data>
Handler: local - <Clsid value has no data>
Handler: mailto - <Clsid value has no data>
Handler: mk - <Clsid value has no data>
Handler: res - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
x64-mStart Page = hxxp://acer.msn.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Handler: cdl - <Clsid value has no data>
x64-Handler: file - <Clsid value has no data>
x64-Handler: ftp - <Clsid value has no data>
x64-Handler: https - <Clsid value has no data>
x64-Handler: javascript - <Clsid value has no data>
x64-Handler: local - <Clsid value has no data>
x64-Handler: mailto - <Clsid value has no data>
x64-Handler: mk - <Clsid value has no data>
x64-Handler: res - <Clsid value has no data>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-03-22 21:23:14 -------- d-----w- C:\Program Files\WhoCrashed
2013-03-22 14:39:54 -------- d-----w- C:\Program Files (x86)\ZooskMessenger
2013-03-22 06:53:25 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-22 06:53:21 -------- d-----w- C:\53cea30de4155d3316e6387f
2013-03-22 06:53:02 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9b4cd1c01ce26c901\skydrivesetup.exe
2013-03-22 06:53:02 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-03-22 06:52:57 -------- d-----r- C:\Users\Gary\SkyDrive
2013-03-22 06:52:54 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\da1d4c651ce26c908\DSETUP.dll
2013-03-22 06:52:54 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\da1d4c651ce26c908\DXSETUP.exe
2013-03-22 06:52:54 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\da1d4c651ce26c908\dsetup32.dll
2013-03-22 06:52:14 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c4e43f981ce26c906\DXSETUP.exe
2013-03-22 06:52:13 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c4e43f981ce26c906\DSETUP.dll
2013-03-22 06:52:13 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c4e43f981ce26c906\dsetup32.dll
2013-03-22 06:52:11 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-03-22 06:51:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a2bb64dc1ce26c903\DXSETUP.exe
2013-03-22 06:51:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a2bb64dc1ce26c903\DSETUP.dll
2013-03-22 06:51:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a2bb64dc1ce26c903\dsetup32.dll
2013-03-22 06:51:06 889416 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9f6920291ce26c902\dotNetFx40_Full_setup.exe
2013-03-22 06:50:04 -------- d-----w- C:\Users\Gary\AppData\Local\Windows Live
2013-03-22 06:43:13 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2013-03-22 04:34:58 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-22 04:34:58 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-22 04:34:15 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-03-22 04:33:51 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-22 04:33:17 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-03-22 04:33:06 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-07 05:01:43 -------- d-----w- C:\_OTL
2013-03-06 23:44:45 -------- d-----w- C:\Users\Gary\AppData\Roaming\Malwarebytes
2013-03-06 23:44:26 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-06 23:44:25 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-06 23:44:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-06 23:44:12 -------- d-----w- C:\Users\Gary\AppData\Local\Programs
2013-03-06 23:42:33 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-06 23:14:56 98816 ----a-w- C:\Windows\sed.exe
2013-03-06 23:14:56 256000 ----a-w- C:\Windows\PEV.exe
2013-03-06 23:14:56 208896 ----a-w- C:\Windows\MBR.exe
2013-03-06 21:34:39 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-06 21:34:37 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-06 21:34:36 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-06 21:34:23 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-03-06 21:34:20 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-03-06 21:34:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-03-06 21:34:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-03-06 21:34:18 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-03-06 21:34:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-03-06 21:34:15 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-03-06 21:34:12 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-03-06 21:34:11 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-06 21:10:24 -------- d-----w- C:\Users\Gary\AppData\Local\ElevatedDiagnostics
2013-03-06 16:26:18 2205696 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-03-06 04:14:54 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 04:14:52 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 04:14:50 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 04:14:47 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 04:14:41 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 04:13:55 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-06 04:13:24 -------- d-----w- C:\Program Files\AVAST Software
2013-03-06 04:10:13 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-06 04:07:38 -------- d-----w- C:\Program Files (x86)\SpywareGuard
2013-03-06 03:59:59 -------- d-----w- C:\ProgramData\Licenses
2013-03-06 03:59:51 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2013-03-06 03:59:51 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2013-03-06 03:59:49 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-03-06 03:58:13 -------- d-----w- C:\Program Files\CCleaner
2013-03-06 03:30:20 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2013-03-22 07:09:59 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-22 07:09:59 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
.
============= FINISH: 14:31:24.58 ===============




attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
4 Elements
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 11 ActiveX
Agatha Christie - Death on the Nile
AMD APP SDK Runtime
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
avast! Free Antivirus
Backup Manager V3
Bejeweled 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chronicles of Albian
Chuzzle Deluxe
clear.fi
clear.fi Client
Cradle of Rome 2
D3DX10
Dora's World Adventure
Drop!
eBay Worldwide
eGames Toolbar
Escape Whisper Valley
Evernote v. 4.5.2
FATE
Final Drive: Nitro
Fooz Kids
Fooz Kids Platform
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Governor of Poker 2 Premium Edition
Identity Card
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Norton Online Backup
NTI Media Maker 9
PCHealthBoost 2.2.3
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Shredder
Skype™ 6.3
SpywareBlaster 5.0
SpywareGuard v2.2
Synaptics Pointing Device Driver
Tales of Lagoona
The Lost Inca Prophecy
Torchlight
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
Welcome Center
WhoCrashed 4.01
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zoosk Messenger
Zuma's Revenge
.
==== End Of File ===========================

Attached Files


  • 0

#14
RKinner
Posted 22 March 2013 - 12:51 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
WhoCrashed didn't find any dumps. Not sure it's working correctly. Let's try Bluescreenview:


Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Right click on BlueScreenView.exe file and Run As Admin.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Let's see if your event viewer is even working.

Right click on Computer and select Manage (continue) then click on the arrow in front of Event Viewer then on the arrow in front of Windows Logs. Click on System. It will usually take a few seconds but then you should get a list of all events. Do you see any? Do they have recent dates?
  • 0

#15
honeybear2002
Posted 01 April 2013 - 01:41 PM

honeybear2002

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
BlueScreenView did not find any dumps either, which is strange because there were all kinds of critical/error events listed in the event viewer. I ordered the logs by status (critical first, then error, warning, and informational) instead of by date - the dates were set up in a strange way - all of January's dates were listed first because they were listed as mm/dd/yy, but the logs from March were listed as dd/mm/yy...anyway...I saved the events into a txt file and have pasted the results here in case that helps in any way. Not sure why blue screen view and VEW did not work - I am right-clicking and running them as administrator but still nothing is being found. This system is a 64-bit system as opposed to a 32-bit? I also noticed that in the C drive, it lists two nearly-identical folders - their names are "Program Files" and "Program Files (x86)" - is this ok? thanks again for all of your help!

Level Date and Time Source Event ID Task Category
Critical 06/03/2013 8:40:25 PM Microsoft-Windows-Kernel-Power 41 (63) The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Error 22/03/2013 2:14:11 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 2:17:08 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 9:41:48 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
Error 22/03/2013 2:14:11 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 9:41:48 PM Service Control Manager 7000 None "The Yahoo! Updater service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 12:06:23 AM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 2:17:08 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 9:41:48 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
Error 22/03/2013 12:10:46 AM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 12:29:08 AM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 06/03/2013 4:18:21 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
Error 06/03/2013 4:18:22 PM Service Control Manager 7000 None "The Yahoo! Updater service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 06/03/2013 4:18:22 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
Error 06/03/2013 9:01:57 PM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 22/03/2013 12:10:46 AM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 12:20:29 AM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 12:20:29 AM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 2:36:59 PM Microsoft-Windows-DistributedCOM 10016 None "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B77C4C36-0154-4C52-AB49-FAA03837E47F}
and APPID
{EA022610-0748-4C24-B229-6C507EBDFDBB}
to the user Gary-PC\Gary SID (S-1-5-21-580463329-609618652-2980673513-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool."
Error 22/03/2013 2:37:24 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 2:30:00 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 2:30:00 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 2:38:57 PM Microsoft-Windows-DistributedCOM 10016 None "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B77C4C36-0154-4C52-AB49-FAA03837E47F}
and APPID
{EA022610-0748-4C24-B229-6C507EBDFDBB}
to the user Gary-PC\Gary SID (S-1-5-21-580463329-609618652-2980673513-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool."
Error 06/03/2013 9:02:48 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
Error 22/03/2013 2:37:24 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 06/03/2013 9:02:48 PM Service Control Manager 7000 None "The Yahoo! Updater service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 2:28:38 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 2:18:32 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 2:20:25 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 12:06:23 AM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 2:18:32 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 2:25:06 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 2:28:38 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 2:20:25 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 2:25:06 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 7:41:08 AM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 11:42:04 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 11:42:04 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 10:00:02 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 10:00:02 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 11:47:12 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 11:47:12 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 11:45:41 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 11:45:41 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 11:40:26 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 06/03/2013 8:40:40 PM EventLog 6008 None The previous system shutdown at 8:38:54 PM on ‎3/‎6/‎2013 was unexpected.
Error 21/03/2013 10:25:41 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 06/03/2013 8:40:46 PM Microsoft-Windows-WER-SystemErrorReporting 1001 None The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa80055c54e0, 0xfffff88003fb4a1c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030613-27393-01.
Error 21/03/2013 9:39:25 PM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 21/03/2013 10:11:44 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 11:40:26 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 10:25:41 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 10:11:44 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 06/03/2013 8:40:44 PM Service Control Manager 7000 None "The Yahoo! Updater service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 9:53:19 PM Service Control Manager 7000 None "The Yahoo! Updater service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 7:38:37 AM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Error 22/03/2013 7:38:37 AM Service Control Manager 7000 None "The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 9:53:18 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
Error 22/03/2013 7:41:08 AM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 9:53:19 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
Error 22/03/2013 12:03:17 AM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 22/03/2013 7:38:37 AM Microsoft-Windows-DistributedCOM 10005 None "DCOM got error ""1053"" attempting to start the service WSearch with arguments """" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}"
Error 21/03/2013 11:49:35 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 11:49:35 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 7:37:34 AM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
Error 22/03/2013 7:37:34 AM Service Control Manager 7000 None "The Yahoo! Updater service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 22/03/2013 7:38:21 AM Service Control Manager 7031 None The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error 06/03/2013 8:40:44 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
Error 06/03/2013 8:40:44 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
Error 22/03/2013 7:38:21 AM Service Control Manager 7024 None The Windows Search service terminated with service-specific error %%-1073473535.
Error 22/03/2013 12:04:21 AM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
Error 01/04/2013 12:02:25 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 01/04/2013 12:02:54 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 12:05:35 AM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 12:04:21 AM Service Control Manager 7000 None "The Yahoo! Updater service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 06/03/2013 4:17:09 PM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 01/04/2013 12:02:54 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 01/04/2013 12:04:16 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 9:48:08 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 9:52:24 PM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 01/04/2013 12:01:47 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 01/04/2013 3:02:10 PM Microsoft-Windows-DistributedCOM 10016 None "The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user Gary-PC\Gary SID (S-1-5-21-580463329-609618652-2980673513-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool."
Error 01/04/2013 12:04:16 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 9:48:32 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 21/03/2013 9:48:32 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 21/03/2013 9:48:08 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 06/03/2013 9:02:47 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
Error 01/04/2013 12:02:25 PM Service Control Manager 7009 None A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
Error 22/03/2013 12:05:35 AM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Error 01/04/2013 12:01:47 PM Service Control Manager 7000 None "The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion."
Warning 06/03/2013 4:17:19 PM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 21/03/2013 9:40:24 PM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 21/03/2013 9:40:24 PM Microsoft-Windows-Time-Service 134 None NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The requested name is valid, but no data of the requested type was found. (0x80072AFC)
Warning 22/03/2013 12:03:25 AM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 22/03/2013 12:06:12 AM Microsoft-Windows-DNS-Client 1014 None Name resolution for the name ad.yieldmanager.com timed out after none of the configured DNS servers responded.
Warning 06/03/2013 9:02:03 PM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 21/03/2013 9:52:30 PM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 22/03/2013 12:06:00 AM Microsoft-Windows-DNS-Client 1014 None Name resolution for the name ad.yieldmanager.com timed out after none of the configured DNS servers responded.
Warning 22/03/2013 12:35:27 AM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 22/03/2013 12:06:13 AM Microsoft-Windows-DNS-Client 1014 None Name resolution for the name ci.beap.ad.yieldmanager.net timed out after none of the configured DNS servers responded.
Information 07/03/2013 9:55:37 AM Service Control Manager 7036 None The Disk Defragmenter service entered the stopped state.
Information 07/03/2013 9:55:37 AM Service Control Manager 7036 None The DNS Client service entered the stopped state.
Information 07/03/2013 9:55:40 AM Service Control Manager 7036 None The DNS Client service entered the running state.
Information 06/03/2013 9:02:41 PM Service Control Manager 7036 None The User Profile Service service entered the running state.
Information 06/03/2013 9:26:32 PM Service Control Manager 7036 None The Volume Shadow Copy service entered the stopped state.
Information 07/03/2013 9:55:40 AM Service Control Manager 7036 None The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Information 07/03/2013 9:55:38 AM Service Control Manager 7042 None "The TCP/IP NetBIOS Helper service was successfully sent a stop control.

The reason specified was: 0x40030011 [Operating System: Network Connectivity (Planned)]

Comment: None"
Information 07/03/2013 9:55:38 AM Service Control Manager 7036 None The TCP/IP NetBIOS Helper service entered the stopped state.
Information 06/03/2013 9:02:41 PM Service Control Manager 7036 None The Desktop Window Manager Session Manager service entered the running state.
Information 06/03/2013 9:02:41 PM Service Control Manager 7036 None The Security Accounts Manager service entered the running state.
Information 06/03/2013 9:38:46 PM Service Control Manager 7036 None The Disk Defragmenter service entered the running state.
Information 06/03/2013 9:42:44 PM Service Control Manager 7036 None The Diagnostic System Host service entered the stopped state.
Information 06/03/2013 9:02:41 PM Service Control Manager 7036 None The System Event Notification Service service entered the running state.
Information 06/03/2013 9:29:10 PM Service Control Manager 7036 None The Multimedia Class Scheduler service entered the stopped state.
Information 06/03/2013 9:28:10 PM Service Control Manager 7036 None The Application Experience service entered the stopped state.
Information 06/03/2013 9:29:32 PM Service Control Manager 7036 None The Microsoft Software Shadow Copy Provider service entered the stopped state.
Information 06/03/2013 9:02:41 PM Service Control Manager 7036 None The Windows Driver Foundation - User-mode Driver Framework service entered the running state.
Information 06/03/2013 9:35:57 PM Service Control Manager 7036 None The Windows Installer service entered the stopped state.
Information 06/03/2013 9:45:39 PM volsnap 33 None The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.
Information 06/03/2013 9:54:42 PM Service Control Manager 7036 None The Microsoft Software Shadow Copy Provider service entered the stopped state.
Information 06/03/2013 9:51:42 PM Service Control Manager 7036 None The Volume Shadow Copy service entered the stopped state.
Information 06/03/2013 9:55:32 PM Service Control Manager 7036 None The Windows Image Acquisition (WIA) service entered the paused state.
Information 07/03/2013 9:55:37 AM Microsoft-Windows-Kernel-General 1 None The system time has changed to ‎2013‎-‎03‎-‎07T17:55:37.500000000Z from ‎2013‎-‎03‎-‎07T05:55:37.177999600Z.
Information 06/03/2013 9:55:35 PM Microsoft-Windows-Kernel-Power 42 (64) "The system is entering sleep.

Sleep Reason: System Idle"
Information 06/03/2013 9:48:41 PM Service Control Manager 7036 None The Microsoft Software Shadow Copy Provider service entered the running state.
Information 06/03/2013 9:48:41 PM Service Control Manager 7036 None The Volume Shadow Copy service entered the running state.
Information 06/03/2013 9:49:32 PM volsnap 33 None The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.
Information 06/03/2013 9:02:41 PM Service Control Manager 7036 None The COM+ Event System service entered the running state.
Information 06/03/2013 9:50:05 PM Service Control Manager 7036 None The Windows Modules Installer service entered the running state.
Information 21/03/2013 9:30:37 PM Service Control Manager 7036 None The Adobe Flash Player Update Service service entered the stopped state.
Information 21/03/2013 9:30:37 PM Service Control Manager 7036 None The Adobe Flash Player Update Service service entered the running state.
Information 21/03/2013 9:31:56 PM Service Control Manager 7036 None The Windows Error Reporting Service service entered the stopped state.
Information 21/03/2013 9:30:54 PM Service Control Manager 7036 None The Windows Media Center Scheduler Service service entered the running state.
Information 21/03/2013 9:30:36 PM Service Control Manager 7036 None The Windows Time service entered the running state.
Information 21/03/2013 9:30:23 PM Service Control Manager 7036 None The Multimedia Class Scheduler service entered the running state.
Information 21/03/2013 9:29:56 PM Service Control Manager 7036 None The Windows Error Reporting Service service entered the running state.
Information 21/03/2013 9:30:32 PM EventLog 6013 None The system uptime is 3257 seconds.
Information 21/03/2013 9:30:26 PM Service Control Manager 7040 None The start type of the Windows Modules Installer service was changed from demand start to auto start.
Information 21/03/2013 9:32:40 PM Service Control Manager 7040 None The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
Information 21/03/2013 9:36:07 PM Service Control Manager 7036 None The Windows Media Center Receiver Service service entered the running state.
Information 21/03/2013 9:36:05 PM Service Control Manager 7036 None The Windows Search service entered the running state.
Information 21/03/2013 9:37:01 PM Service Control Manager 7036 None The Application Experience service entered the running state.
Information 06/03/2013 9:02:39 PM Service Control Manager 7036 None The AMD External Events Utility service entered the running state.
Information 21/03/2013 9:35:51 PM Service Control Manager 7036 None The Windows Media Center Receiver Service service entered the stopped state.
Information 06/03/2013 9:02:40 PM Service Control Manager 7036 None The Multimedia Class Scheduler service entered the running state.
Information 21/03/2013 9:34:51 PM Service Control Manager 7036 None The Windows Media Center Receiver Service service entered the running state.
Information 21/03/2013 9:35:24 PM Service Control Manager 7036 None The Multimedia Class Scheduler service entered the stopped state.
Information 06/03/2013 9:02:39 PM Service Control Manager 7036 None The Windows Event Log service entered the running state.
Information 21/03/2013 9:29:55 PM Service Control Manager 7036 None The Windows Image Acquisition (WIA) service entered the running state.
Information 07/03/2013 9:55:46 AM Service Control Manager 7036 None The Microsoft Software Shadow Copy Provider service entered the running state.
Information 07/03/2013 9:55:46 AM Service Control Manager 7036 None The Volume Shadow Copy service entered the running state.
Information 06/03/2013 9:02:41 PM Service Control Manager 7036 None The Group Policy Client service entered the running state.
Information 21/03/2013 9:29:50 PM Microsoft-Windows-Kernel-General 1 None The system time has changed to ‎2013‎-‎03‎-‎22T04:29:50.500000000Z from ‎2013‎-‎03‎-‎07T17:56:01.352441600Z.
Information 07/03/2013 9:55:45 AM Microsoft-Windows-Kernel-Power 42 (64) "The system is entering sleep.

Sleep Reason: Hibernate from Sleep"
Information 07/03/2013 9:55:40 AM Microsoft-Windows-Power-Troubleshooter 1 None "The system has resumed from sleep.

Sleep Time: ‎2013‎-‎03‎-‎07T17:55:39.372003300Z
Wake Time: ‎2013‎-‎03‎-‎07T17:55:38.264401300Z

Wake Source: S4 Doze to Hibernate"
Information 07/03/2013 9:55:40 AM Service Control Manager 7036 None The TCP/IP NetBIOS Helper service entered the running state.
Information 07/03/2013 9:55:44 AM Service Control Manager 7036 None The Windows Image Acquisition (WIA) service entered the paused state.
Information 07/03/2013 9:55:42 AM Service Control Manager 7036 None The Windows Image Acquisition (WIA) service entered the running state.
Information 06/03/2013 9:02:41 PM Service Control Manager 7036 None The Themes service entered the running state.
Information 21/03/2013 9:29:54 PM Microsoft-Windows-Power-Troubleshooter 1 None "The system has resumed from sleep.

Sleep Time: ‎2013‎-‎03‎-‎07T17:55:39.372003300Z
Wake Time: ‎2013‎-‎03‎-‎22T04:29:53.230004700Z

Wake Source: Unknown"
Information 21/03/2013 9:29:53 PM Service Control Manager 7036 None The TCP/IP NetBIOS Helper service entered the stopped state.
Information 21/03/2013 9:29:55 PM Service Control Manager 7036 None The TCP/IP NetBIOS Helper service entered the running state.
Information 21/03/2013 9:29:54 PM Service Control Manager 7036 None The DNS Client service entered the running state.
Information 21/03/2013 9:29:53 PM Service Control Manager 7042 None "The TCP/IP NetBIOS Helper service was successfully sent a stop control.

The reason specified was: 0x40030011 [Operating System: Network Connectivity (Planned)]

Comment: None"
Information 06/03/2013 9:02:40 PM Service Control Manager 7036 None The Windows Audio Endpoint Builder service entered the running state.
Information 06/03/2013 9:02:40 PM Service Control Manager 7036 None The Windows Audio service entered the running state.
Information 21/03/2013 9:29:53 PM Service Control Manager 7036 None The DNS Client service entered the stopped state.
Information 21/03/2013 9:29:51 PM Microsoft-Windows-Kernel-General 1 None The system time has changed to ‎2013‎-‎03‎-‎22T04:29:51.654402000Z from ‎2013‎-‎03‎-‎22T04:29:51.654402000Z.
Information 06/03/2013 9:02:44 PM Service Control Manager 7036 None The Windows Firewall service entered the running state.
Information 06/03/2013 9:02:44 PM Service Control Manager 7036 None The Workstation service entered the running state.
Information 06/03/2013 9:02:43 PM Service Control Manager 7036 None The Base Filtering Engine service entered the running state.
Information 06/03/2013 9:02:51 PM Service Control Manager 7036 None The Computer Browser service entered the running state.
Information 06/03/2013 9:02:50 PM Service Control Manager 7036 None The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Information 06/03/2013 9:02:50 PM Service Control Manager 7036 None The Diagnostic System Host service entered the running state.
Information 06/03/2013 9:02:44 PM Service Control Manager 7036 None The Cryptographic Services service entered the running state.
Information 06/03/2013 9:02:50 PM Service Control Manager 7036 None The Internet Connection Sharing (ICS) service entered the stopped state.
Information 06/03/2013 9:02:44 PM Service Control Manager 7036 None The Adobe Acrobat Update Service service entered the running state.
Information 06/03/2013 9:02:50 PM Service Control Manager 7036 None The Network List Service service entered the running state.
Information 06/03/2013 9:02:50 PM Service Control Manager 7036 None The Diagnostic Service Host service entered the running state.
Information 06/03/2013 9:03:28 PM Service Control Manager 7036 None The Application Information service entered the running state.
Information 06/03/2013 9:02:43 PM Service Control Manager 7036 None The avast! Antivirus service entered the running state.
Information 06/03/2013 9:03:36 PM Microsoft-Windows-WMPNSS-Service 14204 None Service 'WMPNetworkSvc' started.
Information 06/03/2013 9:03:36 PM Service Control Manager 7036 None The Windows Search service entered the running state.
Information 06/03/2013 9:03:34 PM Service Control Manager 7036 None The Windows Error Reporting Service service entered the running state.
Information 06/03/2013 9:03:22 PM Microsoft-Windows-Winlogon 7001 (1101) User Logon Notification for Customer Experience Improvement Program
Information 06/03/2013 9:02:52 PM Service Control Manager 7036 None The Portable Device Enumerator Service service entered the running state.
Information 06/03/2013 9:02:51 PM Service Control Manager 7036 None The IPsec Policy Agent service entered the running state.
Information 06/03/2013 9:03:02 PM Microsoft-Windows-UserPnp 20003 (7005) Driver Management has concluded the process to add Service tunnel for Device Instance ID ROOT\*ISATAP\0000 with the following status: 0.
Information 06/03/2013 9:02:43 PM Service Control Manager 7036 None The Task Scheduler service entered the running state.
Information 06/03/2013 9:02:43 PM Service Control Manager 7036 None The Print Spooler service entered the running state.
Information 06/03/2013 9:02:47 PM Service Control Manager 7036 None The Program Compatibility Assistant Service service entered the running state.
Information 06/03/2013 9:02:49 PM Service Control Manager 7036 None The Windows Management Instrumentation service entered the running state.
Information 06/03/2013 9:02:47 PM Microsoft-Windows-Application-Experience 201 None The Program Compatibility Assistant service started successfully.
Information 06/03/2013 9:02:49 PM Service Control Manager 7036 None The IP Helper service entered the running state.
Information 06/03/2013 9:02:47 PM Service Control Manager 7036 None The NTI IScheduleSvc service entered the running state.
Information 06/03/2013 9:02:49 PM Service Control Manager 7036 None The Secondary Logon service entered the running state.
Information 06/03/2013 9:02:47 PM Service Control Manager 7036 None The Windows Image Acquisition (WIA) service entered the running state.
Information 06/03/2013 9:02:47 PM Service Control Manager 7036 None The Superfetch service entered the running state.
Information 06/03/2013 9:02:47 PM Service Control Manager 7036 None The Distributed Link Tracking Client service entered the running state.
Information 06/03/2013 9:02:47 PM Service Control Manager 7036 None The Telephony service entered the running state.
Information 06/03/2013 9:02:47 PM Service Control Manager 7036 None The Secure Socket Tunneling Protocol Service service entered the running state.
Information 06/03/2013 9:02:49 PM Service Control Manager 7036 None The Remote Access Connection Manager service entered the running state.
Information 06/03/2013 9:02:45 PM Service Control Manager 7036 None The GREGService service entered the running state.
Information 06/03/2013 9:02:44 PM Service Control Manager 7036 None The ePower Service service entered the running state.
Information 06/03/2013 9:02:44 PM Service Control Manager 7036 None The Diagnostic Policy Service service entered the running state.
Information 06/03/2013 9:02:44 PM Service Control Manager 7036 None The Dritek WMI Service service entered the running state.
Information 06/03/2013 9:02:45 PM Service Control Manager 7036 None The Live Updater Service service entered the running state.
Information 06/03/2013 9:02:46 PM Service Control Manager 7036 None The Network Location Awareness service entered the running state.
Information 06/03/2013 9:02:47 PM Service Control Manager 7036 None The Norton Online Backup service entered the running state.
Information 06/03/2013 9:02:49 PM Service Control Manager 7036 None The Server service entered the running state.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP