
Hijacks and KSS findings.

Discussion in 'Virus & Other Malware Removal' started by mom4jdc, Mar 27, 2013.

Thread Status:
Not open for further replies.
  1. mom4jdc

    mom4jdc Thread Starter

    Joined:
    Nov 7, 2009
    Messages:
    88
    Hi,
    I've been having some hijacks in my search engine recently so I ran a KSS scan. It found two malware infections and I'm not sure of what to do with them. These are the two:

    • HEUR:Exploit.Java.CVE-2013-0431.gen
      39619b37-70954e46
      C:\Documents and Settings\Leslie Cliett\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55
    • HEUR:Exploit.Java.CVE-2013-0422.gen
      1284b759-74acd9dd
      C:\Documents and Settings\NEW\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25
    Any help would be greatly appreciated.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,202
    First Name:
    Derek
    Most antiviruses will find exploits in the Java cache, but don't panic about them. 99% of the time you are safe, provided you always have the latest version of Java, or even better, don't install Java unless you actually need it.

    The way to deal with them is to clear your Java cache as shown at http://www.java.com/en/download/help/5000020300.xml

    Then make sure Java is updated at www.java.com, or uninstall Java completely.

    But they are unlikely to be the reason for the search engine diverts.

    To see if we can find the cause, follow the advice here and post the logs those programs make.
     
  3. mom4jdc

    mom4jdc Thread Starter

    Joined:
    Nov 7, 2009
    Messages:
    88
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:43:57 PM, on 3/28/2013
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v10.0 (10.00.9200.16521)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    C:\PROGRA~2\Citrix\ICACLI~1\WFICA32.EXE
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://newcitrix.newcorp.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
    O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
    O4 - HKUS\S-1-5-21-2163887345-1273869074-3315108452-1003\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (User 'NEW')
    O4 - HKUS\S-1-5-21-2163887345-1273869074-3315108452-1003\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'NEW')
    O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://newcorp.mzinga.com
    O15 - Trusted Zone: http://*.newcorpsupport.com
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.5.1.0.cab
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} (Java Plug-in 1.6.0_37) -
    O16 - DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} (Java Plug-in 1.6.0_41) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WD SmartWare Drive Manager Service (WDDMService.exe) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 19965 bytes
     
  4. mom4jdc

    mom4jdc Thread Starter

    Joined:
    Nov 7, 2009
    Messages:
    88
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
    Run by Leslie Cliett at 21:46:04 on 2013-03-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.848 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    C:\PROGRA~2\Citrix\ICACLI~1\WFICA32.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\sdclt.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://newcitrix.newcorp.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [PCShowServer] "C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
    uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    dRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    StartupFolder: C:\Users\LESLIE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\Users\LESLIE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~2.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: livemeeting.com
    Trusted Zone: newcorpsupport.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.5.1.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.254.254
    TCP: Interfaces\{7DB5A0DE-29A0-4C41-9136-8FB3177AD49A} : DHCPNameServer = 192.168.254.254
    TCP: Interfaces\{7DB5A0DE-29A0-4C41-9136-8FB3177AD49A}\7594E4F533336444 : DHCPNameServer = 192.168.254.254
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [wscor] "C:\Windows\System32\rundll32.exe" "C:\Users\NEW\AppData\Roaming\wscor.dll",set_expand
    x64-Run: [dmfxy] "C:\Windows\System32\rundll32.exe" "C:\Users\NEW\AppData\Roaming\dmfxy.dll",set_rows
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Leslie Cliett\AppData\Roaming\Mozilla\Firefox\Profiles\h9co7gyh.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\NPcol500.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee.dll
    FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee64.dll
    FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
    FF - plugin: C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
    FF - plugin: C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-02-07 13:47; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-21 98208]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-21 13336]
    R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2320920]
    R2 WDDMService.exe;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-8-17 116224]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-22 287232]
    R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-1-28 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-2-3 35840]
    S3 GKUPRO2D;GKUPRO2D;C:\Windows\System32\drivers\GKUPRO2D.sys [2005-2-18 120704]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-1-1 243744]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-8 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-03-27 18:55:31 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2013-03-27 18:55:31 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2013-03-22 01:59:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-03-20 21:05:57 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-15 23:01:16 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
    2013-03-12 16:08:52 -------- d-----w- C:\Users\Leslie Cliett\AppData\Local\{EA58C009-745A-47E8-AB5A-5731F5160C62}
    2013-03-12 14:47:41 -------- d-----w- C:\Users\Leslie Cliett\AppData\Local\Apple Computer
    2013-03-12 00:48:16 -------- d-----w- C:\Program Files\iTunes
    2013-03-12 00:48:16 -------- d-----w- C:\Program Files\iPod
    2013-03-12 00:48:16 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-03-07 13:19:37 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    .
    ==================== Find3M ====================
    .
    2013-03-20 13:38:58 599552 ----a-w- C:\Windows\System32\vbscript.dll
    2013-03-20 13:38:58 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-03-20 13:38:58 173568 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-03-20 13:38:58 167424 ----a-w- C:\Windows\System32\iexpress.exe
    2013-03-20 13:38:58 144896 ----a-w- C:\Windows\System32\wextract.exe
    2013-03-20 13:38:57 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
    2013-03-20 13:38:57 51200 ----a-w- C:\Windows\System32\imgutil.dll
    2013-03-20 13:38:57 48640 ----a-w- C:\Windows\System32\mshtmler.dll
    2013-03-20 13:38:57 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-03-20 13:38:57 13824 ----a-w- C:\Windows\System32\mshta.exe
    2013-03-20 13:38:57 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-03-20 13:38:57 135680 ----a-w- C:\Windows\System32\IEAdvpack.dll
    2013-03-20 13:38:56 77312 ----a-w- C:\Windows\System32\tdc.ocx
    2013-03-13 16:38:29 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 16:38:29 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-07 13:19:31 963488 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-03-07 13:19:31 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2013-03-07 13:18:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-07 13:18:10 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-03-07 13:18:10 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 21:46:43.04 ===============
     
  5. mom4jdc

    mom4jdc Thread Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/7/2011 9:57:17 PM
    System Uptime: 3/23/2013 5:15:48 PM (124 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1439
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 911/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 448 GiB total, 358.411 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.462 GiB free.
    E: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Canon MX860 ser Network
    Device ID: ROOT\CANON_IJ_NETWORK\0000
    Manufacturer: Canon
    Name: Canon MX860 ser Network
    PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP238: 3/10/2013 9:55:49 PM - Scheduled Checkpoint
    RP239: 3/14/2013 8:35:24 AM - Windows Update
    RP240: 3/20/2013 9:36:38 AM - Windows Update
    RP241: 3/21/2013 7:55:58 AM - Windows Update
    RP242: 3/28/2013 9:24:50 PM - Windows Backup
    RP243: 3/28/2013 9:41:28 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Connect Add-in
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Adobe Shockwave Player 11.5
    Adobe Shockwave Player 12.0
    Amazon Kindle For PC
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    Build-a-lot 2
    Canon MX860 series MP Drivers
    CCleaner
    Chuzzle Deluxe
    CinemaNow Media Manager
    Citrix Access Gateway Endpoint Analysis
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Convergys Health Checker
    Coupon Printer for Windows
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink YouCam
    D3DX10
    Defraggler
    Diner Dash 2 Restaurant Rescue
    DIRECTV Player
    DIRECTV2PC Playback Advisor
    DIRECTV2PC(TM)
    Dora's Carnival Adventure
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESET Online Scanner v3
    ESU for Microsoft Windows 7
    FATE
    Final Drive Nitro
    Google Earth Plug-in
    Google SketchUp 8
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.2.1.1
    HijackThis 2.0.2
    HP Advisor
    HP Customer Experience Enhancements
    HP Deskjet 1050 J410 series Basic Device Software
    HP Deskjet 1050 J410 series Help
    HP Deskjet 2050 J510 series Basic Device Software
    HP Deskjet 2050 J510 series Help
    HP Documentation
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP Photo Creations
    HP Power Manager
    HP Product Detection
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Update
    HP Wireless Assistant
    iCloud
    iLinc Client
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Internet TV for Windows Media Center
    iTunes
    Java 7 Update 17
    Java 7 Update 17 (64-bit)
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 43
    Java(TM) 6 Update 43 (64-bit)
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kaspersky Security Scan
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Communications Server 2007 R2 Group Chat
    Microsoft Office Communicator 2007 R2
    Microsoft Office Live Meeting 2007
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Firefox 20.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0.4 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    Norton Online Backup
    OpenOffice.org 3.4.1
    Penguins!
    PhotoNow!
    Picasa 3
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    QuickTime
    Radialpoint Servicepoint Dashboard Extensions version 12.2.27.36396
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Roxio CinemaNow 2.0
    RSA SecurID Software Token
    RtVOsd
    Secunia PSI (3.0.0.4001)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Skype™ 5.10
    SolveigMM WMP Trimmer Plugin
    Spybot - Search & Destroy
    swMSM
    Synaptics Pointing Device Driver
    System Requirements Lab
    Tweaking.com - Windows Repair (All in One)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Virtual Families
    Virtual Villagers - The Secret City
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    WD SmartWare
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    World Book 2002 (Deluxe)
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/27/2013 3:36:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.
    3/22/2013 8:33:03 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.254.2 with the system having network hardware address B4-F2-E8-FF-B9-B2. Network operations on this system may be disrupted as a result.
    3/21/2013 9:24:19 PM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
    3/21/2013 9:21:46 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    3/21/2013 9:21:43 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    .
    ==== End Of File ===========================
     
  6. mom4jdc

    mom4jdc Thread Starter

    Joined:
    Nov 7, 2009
    Messages:
    88
    Still working on the gmer. Waiting for my backup to finish.
     
  7. mom4jdc

    mom4jdc Thread Starter

    Joined:
    Nov 7, 2009
    Messages:
    88
    GMER 2.1.19155 - http://www.gmer.net
    Rootkit scan 2013-03-28 22:09:55
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0006 465.76GB
    Running: 4nosk6g3.exe; Driver: C:\Users\LESLIE~1\AppData\Local\Temp\ffliyaob.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
    .text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
    .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
    .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe[2084] C:\Windows\syswow64\USER32.dll!SetProcessDPIAware 0000000075fdfcb8 5 bytes JMP 000000010034e93c
    .text C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe[2084] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000070431b41 2 bytes [43, 70]
    .text C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe[2084] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000070431be8 2 bytes [43, 70]
    .text C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe[2084] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000070431c20 2 bytes [43, 70]
    .text C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe[2084] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000070431cd2 2 bytes [43, 70]
    .text C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe[2084] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000070431cf2 2 bytes [43, 70]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6964] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000734311a8 2 bytes [43, 73]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6964] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000734313a8 2 bytes [43, 73]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6964] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073431422 2 bytes [43, 73]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6964] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073431498 2 bytes [43, 73]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fdf991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000076fdf99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000076fdfa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000076fdfa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000076fdfb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000076fdfb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fdfbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000076fdfbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fdfc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000076fdfc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fdfc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000076fdfc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fdfc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000076fdfc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fdfc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000076fdfc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fdfce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000076fdfcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fdfcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000076fdfd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fdfd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000076fdfd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000076fdfdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000076fdfdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fdfe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000076fdfe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000076fdff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000076fdff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fe0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000076fe00a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000076fe0781 8 bytes {MOV EDX, 0x90268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000076fe078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000076fe0ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000076fe1007 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000076fe105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000076fe1067 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fe10a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000076fe10af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fe111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000076fe1127 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fe1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000076fe132b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007640103d 5 bytes JMP 0000000100010030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076401072 5 bytes JMP 0000000100010070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000075f6119f 5 bytes JMP 0000000100020030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000075f611cf 5 bytes JMP 0000000100020070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!MapWindowPoints 0000000075fd8c40 5 bytes JMP 0000000100160570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!RegisterClipboardFormatW 0000000075fd9ebd 5 bytes JMP 00000001001602b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!RegisterClipboardFormatA 0000000075fe0afa 5 bytes JMP 00000001001602f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetClientRect 0000000075fe0c62 7 bytes JMP 00000001001605b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetParent 0000000075fe0f68 7 bytes JMP 00000001001606f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!IsWindowVisible 0000000075fe112d 7 bytes JMP 00000001001606b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!PostMessageW 0000000075fe12a5 5 bytes JMP 00000001001605f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!ScreenToClient 0000000075fe227d 7 bytes JMP 0000000100160670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!MonitorFromWindow 0000000075fe3150 7 bytes JMP 0000000100160630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!SetCursor 0000000075fe41f6 5 bytes JMP 0000000100160530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetClipboardFormatNameA 0000000075fe68ef 5 bytes JMP 0000000100160270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetClipboardFormatNameW 0000000075fe77fa 5 bytes JMP 0000000100160230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetTopWindow 0000000075fe7887 7 bytes JMP 0000000100160730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!IsClipboardFormatAvailable 0000000075fe8676 5 bytes JMP 00000001001600f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetClipboardSequenceNumber 0000000075fe8696 5 bytes JMP 0000000100160330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!CloseClipboard 0000000075fe8e8d 5 bytes JMP 00000001001600b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!OpenClipboard 0000000075fe8ecb 5 bytes JMP 0000000100160070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!ChangeClipboardChain 0000000075fec17b 5 bytes JMP 0000000100160430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!EnumClipboardFormats 0000000075fec449 5 bytes JMP 00000001001601b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetOpenClipboardWindow 0000000075fec468 5 bytes JMP 00000001001603f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!CountClipboardFormats 0000000075fec486 5 bytes JMP 00000001001601f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!SetClipboardViewer 0000000075fec4b6 5 bytes JMP 00000001001604b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!ActivateKeyboardLayout 0000000075fed6c0 5 bytes JMP 00000001001604f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetClipboardOwner 0000000075fee360 5 bytes JMP 0000000100160370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!SetClipboardData 0000000076018e57 5 bytes JMP 0000000100160170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!SetCursorPos 0000000076019cfd 5 bytes JMP 0000000100160770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetClipboardData 0000000076019f1d 5 bytes JMP 0000000100160030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!EmptyClipboard 0000000076037cb9 5 bytes JMP 0000000100160130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetClipboardViewer 0000000076038111 5 bytes JMP 0000000100160470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6564] C:\Windows\syswow64\user32.DLL!GetPriorityClipboardFormat 000000007603832f 5 bytes JMP 00000001001603b0
    .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[8572] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076fe0018 5 bytes JMP 00000001698b17e3
    .text C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[7292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
    .text C:\Users\Leslie Cliett\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[7292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
    .text ... * 2
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
    .text ... * 2
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fdf991 8 bytes {MOV EDX, 0x1d03e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000076fdf99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000076fdfa0d 8 bytes {MOV EDX, 0x1d01a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000076fdfa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000076fdfb25 8 bytes {MOV EDX, 0x1d0168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000076fdfb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fdfbd5 8 bytes {MOV EDX, 0x1d0428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000076fdfbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fdfc05 8 bytes {MOV EDX, 0x1d0368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000076fdfc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fdfc1d 8 bytes {MOV EDX, 0x1d0128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000076fdfc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fdfc35 8 bytes {MOV EDX, 0x1d04e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000076fdfc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fdfc65 8 bytes {MOV EDX, 0x1d0528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000076fdfc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fdfce5 8 bytes {MOV EDX, 0x1d04a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000076fdfcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fdfcfd 8 bytes {MOV EDX, 0x1d0468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000076fdfd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fdfd49 8 bytes {MOV EDX, 0x1d0068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000076fdfd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000076fdfdad 8 bytes {MOV EDX, 0x1d02e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000076fdfdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fdfe41 8 bytes {MOV EDX, 0x1d00a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000076fdfe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000076fdff89 8 bytes {MOV EDX, 0x1d02a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000076fdff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fe0099 8 bytes {MOV EDX, 0x1d0028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000076fe00a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000076fe0781 8 bytes {MOV EDX, 0x1d0268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000076fe078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000076fe0ffd 8 bytes {MOV EDX, 0x1d01e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000076fe1007 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000076fe105d 8 bytes {MOV EDX, 0x1d0228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000076fe1067 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fe10a5 8 bytes {MOV EDX, 0x1d03a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000076fe10af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fe111d 8 bytes {MOV EDX, 0x1d0328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000076fe1127 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fe1321 8 bytes {MOV EDX, 0x1d00e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000076fe132b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007640103d 5 bytes JMP 0000000100010030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076401072 5 bytes JMP 0000000100010070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000075f6119f 5 bytes JMP 0000000100020030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000075f611cf 5 bytes JMP 0000000100020070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!MapWindowPoints 0000000075fd8c40 5 bytes JMP 0000000100260570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!RegisterClipboardFormatW 0000000075fd9ebd 5 bytes JMP 00000001002602b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!RegisterClipboardFormatA 0000000075fe0afa 5 bytes JMP 00000001002602f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetClientRect 0000000075fe0c62 7 bytes JMP 00000001002605b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetParent 0000000075fe0f68 7 bytes JMP 00000001002606f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!IsWindowVisible 0000000075fe112d 7 bytes JMP 00000001002606b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!PostMessageW 0000000075fe12a5 5 bytes JMP 00000001002605f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!ScreenToClient 0000000075fe227d 7 bytes JMP 0000000100260670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!MonitorFromWindow 0000000075fe3150 7 bytes JMP 0000000100260630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!SetCursor 0000000075fe41f6 5 bytes JMP 0000000100260530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetClipboardFormatNameA 0000000075fe68ef 5 bytes JMP 0000000100260270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetClipboardFormatNameW 0000000075fe77fa 5 bytes JMP 0000000100260230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetTopWindow 0000000075fe7887 7 bytes JMP 0000000100260730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!IsClipboardFormatAvailable 0000000075fe8676 5 bytes JMP 00000001002600f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetClipboardSequenceNumber 0000000075fe8696 5 bytes JMP 0000000100260330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!CloseClipboard 0000000075fe8e8d 5 bytes JMP 00000001002600b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!OpenClipboard 0000000075fe8ecb 5 bytes JMP 0000000100260070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!ChangeClipboardChain 0000000075fec17b 5 bytes JMP 0000000100260430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!EnumClipboardFormats 0000000075fec449 5 bytes JMP 00000001002601b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetOpenClipboardWindow 0000000075fec468 5 bytes JMP 00000001002603f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!CountClipboardFormats 0000000075fec486 5 bytes JMP 00000001002601f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!SetClipboardViewer 0000000075fec4b6 5 bytes JMP 00000001002604b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!ActivateKeyboardLayout 0000000075fed6c0 5 bytes JMP 00000001002604f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetClipboardOwner 0000000075fee360 5 bytes JMP 0000000100260370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!SetClipboardData 0000000076018e57 5 bytes JMP 0000000100260170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!SetCursorPos 0000000076019cfd 5 bytes JMP 0000000100260770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetClipboardData 0000000076019f1d 5 bytes JMP 0000000100260030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!EmptyClipboard 0000000076037cb9 5 bytes JMP 0000000100260130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetClipboardViewer 0000000076038111 5 bytes JMP 0000000100260470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\user32.DLL!GetPriorityClipboardFormat 000000007603832f 5 bytes JMP 00000001002603b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000765b4de0 5 bytes JMP 00000001002703b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000765b4f70 5 bytes JMP 00000001002705f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000765b51a2 5 bytes JMP 00000001002708f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000765b522d 5 bytes JMP 0000000100270a30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000765b5689 5 bytes JMP 00000001002701b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000765b58b3 5 bytes JMP 0000000100270170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000765b6bad 5 bytes JMP 0000000100270370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000765b6e05 5 bytes JMP 0000000100270570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000765b6ead 5 bytes JMP 0000000100270530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000765b7180 5 bytes JMP 00000001002706b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000765b7435 5 bytes JMP 0000000100270770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000765b7bcc 5 bytes JMP 00000001002700b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000765b7dc4 5 bytes JMP 00000001002703f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000765b7fd5 5 bytes JMP 0000000100270d70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000765b82b2 5 bytes JMP 0000000100270e30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000765b8401 5 bytes JMP 00000001002709f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000765b879f 5 bytes JMP 00000001002702f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000765b8916 5 bytes JMP 00000001002705b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000765b8b7a 5 bytes JMP 0000000100270970
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000765b8ee6 5 bytes JMP 0000000100270470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000765b9875 5 bytes JMP 0000000100270c70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000765b9936 5 bytes JMP 0000000100270d30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000765ba53a 5 bytes JMP 00000001002709b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000765baf9f 5 bytes JMP 0000000100270330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!LineTo 00000000765bb9e5 5 bytes JMP 0000000100270430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000765bbd55 5 bytes JMP 0000000100270db0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000765bc040 5 bytes JMP 0000000100270130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000765bc107 5 bytes JMP 0000000100270670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000765bc269 5 bytes JMP 00000001002706f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000765bd1f1 5 bytes JMP 0000000100270df0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000765bd349 5 bytes JMP 0000000100270630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000765bdce4 5 bytes JMP 0000000100270930
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000765be743 5 bytes JMP 00000001002700f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000765c03b7 5 bytes JMP 00000001002702b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!Escape 00000000765c1bda 5 bytes JMP 0000000100270270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000765c1e89 5 bytes JMP 0000000100270cf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000765c4843 5 bytes JMP 0000000100270b30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000765c5690 5 bytes JMP 0000000100270b70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!EndPage 00000000765c6bde 5 bytes JMP 0000000100270230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000765ce2db 5 bytes JMP 0000000100270ab0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000765d940d 5 bytes JMP 0000000100270cb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000765dc621 5 bytes JMP 0000000100270bb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000765dd2b2 5 bytes JMP 0000000100270bf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000765dd919 5 bytes JMP 0000000100270c30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!AbortDoc 00000000765e3adc 5 bytes JMP 0000000100270030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!EndDoc 00000000765e3f29 5 bytes JMP 00000001002701f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!StartPage 00000000765e401a 5 bytes JMP 0000000100270730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!StartDocW 00000000765e4c51 5 bytes JMP 00000001002707f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000765e53fd 5 bytes JMP 0000000100270830
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!SelectClipPath 00000000765e5454 5 bytes JMP 0000000100270af0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000765e54af 5 bytes JMP 0000000100270070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!EndPath 00000000765e5506 5 bytes JMP 0000000100270a70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!StrokePath 00000000765e573f 5 bytes JMP 00000001002707b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!FillPath 00000000765e57d2 5 bytes JMP 0000000100270870
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!PolylineTo 00000000765e5c44 5 bytes JMP 00000001002704f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 00000000765e5cd5 5 bytes JMP 00000001002704b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\GDI32.dll!PolyDraw 00000000765e5d87 5 bytes JMP 00000001002708b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074a39606 5 bytes JMP 00000001002800f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074a40581 5 bytes JMP 0000000100280130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074a40bb9 5 bytes JMP 0000000100280270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074a40c2e 5 bytes JMP 00000001002801b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074a40f2e 5 bytes JMP 0000000100280070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074a41096 5 bytes JMP 00000001002800b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074a4124e 5 bytes JMP 00000001002801f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074a4129d 5 bytes JMP 0000000100280230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074a41527 5 bytes JMP 0000000100280030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074a41590 5 bytes JMP 0000000100280170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000076120045 5 bytes JMP 00000001002e0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000761236b2 5 bytes JMP 00000001002e0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\ole32.dll!OleGetClipboard 000000007614fdcd 5 bytes JMP 00000001002e00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\svchost.exe [1124:1596] 000007fef8451e00
    Thread C:\Windows\system32\svchost.exe [1124:1600] 000007fef8311a50
    Thread C:\Windows\system32\svchost.exe [1124:1916] 000007fef78ace0c
    Thread C:\Windows\system32\svchost.exe [1124:2428] 000007fefb9f1a70
    Thread C:\Windows\system32\svchost.exe [1124:3200] 000007fefb9f1a70
    Thread C:\Windows\system32\svchost.exe [1124:4816] 000007fef13d506c
    Thread C:\Windows\system32\svchost.exe [1124:3656] 000007fef30d1c20
    Thread C:\Windows\system32\svchost.exe [1124:4828] 000007fef30d1c20
    Thread C:\Windows\system32\svchost.exe [1124:5144] 000007fef73e5124
    Thread C:\Windows\system32\svchost.exe [1124:9908] 000007feea2b818c
    Thread C:\Windows\system32\svchost.exe [1124:9880] 000007fef9c884d8
    Thread C:\Windows\system32\svchost.exe [1124:6992] 000007fef8fc23a8
    Thread C:\Windows\system32\svchost.exe [1124:9168] 000007fef3010d00
    Thread C:\Windows\system32\svchost.exe [1124:9448] 000007fef1489498
    Thread C:\Windows\system32\svchost.exe [1124:8984] 000007fef78ace0c
    Thread C:\Windows\system32\svchost.exe [1124:2468] 000007fef8dc1ab0
    Thread C:\Windows\system32\svchost.exe [1456:8352] 000007feea2b818c
    Thread C:\Windows\system32\svchost.exe [1456:6104] 000007fef90583d8
    Thread C:\Windows\system32\svchost.exe [1456:7844] 000007fef90583d8
    Thread C:\Windows\system32\svchost.exe [1456:9144] 000007fef90583d8
    Thread C:\Windows\system32\svchost.exe [1456:5052] 000007fef90583d8
    Thread C:\Windows\system32\svchost.exe [1456:9904] 000007fef2553f1c
    Thread C:\Windows\system32\svchost.exe [1456:10084] 000007fefa301a38
    Thread C:\Windows\system32\svchost.exe [1456:9900] 000007fef9ae5388
    Thread C:\Windows\system32\svchost.exe [1456:9792] 000007fef9567738
    Thread C:\Windows\system32\svchost.exe [1456:4644] 000007fef9ad1f90
    Thread C:\Windows\system32\WLANExt.exe [1536:1572] 000000018000b674
    Thread C:\Windows\system32\WLANExt.exe [1536:1576] 000000018000b690
    Thread C:\Windows\system32\WLANExt.exe [1536:1580] 000000018000b658
    Thread C:\Windows\system32\WLANExt.exe [1536:1584] 0000000180022170
    Thread C:\Windows\system32\WLANExt.exe [1536:1588] 000007fef8412f9c
    Thread C:\Windows\System32\spoolsv.exe [1620:1892] 000007fef7c410c8
    Thread C:\Windows\System32\spoolsv.exe [1620:1900] 000007fef7c06144
    Thread C:\Windows\System32\spoolsv.exe [1620:1904] 000007fef79f5fd0
    Thread C:\Windows\System32\spoolsv.exe [1620:1908] 000007fef79e3438
    Thread C:\Windows\System32\spoolsv.exe [1620:1912] 000007fef79f63ec
    Thread C:\Windows\System32\spoolsv.exe [1620:1920] 000007fef7db5e5c
    Thread C:\Windows\system32\svchost.exe [1652:1076] 000007fef79f5fd0
    Thread C:\Windows\system32\svchost.exe [1652:5100] 000007fef79f63ec
    Thread C:\Windows\system32\svchost.exe [1652:5464] 000007feeee68470
    Thread C:\Windows\system32\svchost.exe [1652:5472] 000007feeee72418
    Thread C:\Windows\system32\svchost.exe [1652:5656] 000007fee7f8f130
    Thread C:\Windows\system32\svchost.exe [1652:6576] 000007feeee7976c
    Thread C:\Windows\system32\svchost.exe [1652:6164] 000007fef73e5124
    Thread C:\Windows\system32\svchost.exe [1652:8472] 000007fee7f84734
    Thread C:\Windows\system32\svchost.exe [1652:5724] 000007fee7f84734
    Thread C:\Windows\system32\svchost.exe [2796:8644] 000007fef79f5fd0
    Thread C:\Windows\system32\svchost.exe [2796:7604] 000007fef79e3438
    Thread C:\Windows\system32\svchost.exe [2796:7476] 000007fef79f63ec
    Thread C:\Windows\Explorer.EXE [3928:4576] 000007fef2592154
    Thread C:\Windows\Explorer.EXE [3928:1560] 000007fefad96204
    Thread C:\Windows\Explorer.EXE [3928:716] 000007feebe42118
    Thread C:\Windows\Explorer.EXE [3928:5168] 000007fef8412f9c
    Thread C:\Windows\Explorer.EXE [3928:4436] 000007fef9e71010
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:6048] 0000000073ec62ee
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:6004] 0000000070c7786a
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:8980] 000000005e349c67
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:8612] 000000006540198a
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:8740] 00000000653c4fad
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:6472] 00000000653c4fad
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:9100] 00000000653c4fad
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:8160] 00000000653c4fad
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:6272] 000000006540198a
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:1112] 00000000653b62fa
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:5296] 00000000653b6312
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:7744] 000000006540198a
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:7860] 000000006540198a
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:4132] 000000005e16fb3a
    Thread C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [2084:7112] 000000005e16fb3a
    Thread C:\Windows\System32\svchost.exe [184:10784] 000007fef4fc5170
    Thread C:\Windows\System32\svchost.exe [184:10664] 000007fef73e9874
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5384:3016] 000007fefa392a7c
    Thread C:\Windows\system32\DllHost.exe [5692:5728] 000007fefd8c0168
    Thread C:\Windows\system32\DllHost.exe [5692:5952] 000007fee9e7ae40
    Thread C:\Windows\system32\taskhost.exe [852:6156] 000007fef27c3d18
    Thread C:\Windows\system32\taskhost.exe [852:5604] 000007fef4fc5170
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:2648] 0000000070c7786a
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:5928] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:7868] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:8060] 0000000071b727e1
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:8584] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:8420] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:952] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:8028] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:8672] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:8256] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:6400] 000000007454345e
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:7144] 0000000059a73233
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:7800] 0000000073ec62ee
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:7344] 0000000059a73233
    Thread C:\Program Files (x86)\Microsoft Office Communications Server 2007 R2\Group Chat Console\GroupChatConsole.exe [9048:8092] 00000000742227c1
    Thread C:\Program Files\Internet Explorer\iexplore.exe [9192:9036] 000007feefce5ef4
    Thread C:\Program Files\Internet Explorer\iexplore.exe [9192:7864] 000007fef009c29c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [9192:6984] 000007fefd4722c8
    Thread C:\Program Files\Internet Explorer\iexplore.exe [9192:8392] 000007feeff8829c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [9192:9512] 000007fef2592154
    Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6804:1896] 0000000068e3313c
    Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6804:5588] 0000000076ae1fe3
    Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6804:6224] 0000000068e3313c
    Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6804:9612] 0000000076a7023a
    Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6804:8340] 0000000068e3313c
    Thread C:\Windows\system32\taskhost.exe [5628:10284] 000007fef2f4ef24

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d5d391
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d5d391 (not active ControlSet)

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  9. mom4jdc

    mom4jdc Thread Starter

    Thank you for your help. Off to work for the next 11 hours then I'll get this done.
     
  10. mom4jdc

    mom4jdc Thread Starter

    TDSS didn't find anything and did not reboot.


    22:16:36.0638 6344 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
    22:16:37.0161 6344 ============================================================
    22:16:37.0161 6344 Current date / time: 2013/03/29 22:16:37.0161
    22:16:37.0161 6344 SystemInfo:
    22:16:37.0161 6344
    22:16:37.0161 6344 OS Version: 6.1.7601 ServicePack: 1.0
    22:16:37.0161 6344 Product type: Workstation
    22:16:37.0161 6344 ComputerName: LESLIECLIETT-HP
    22:16:37.0162 6344 UserName: Leslie Cliett
    22:16:37.0162 6344 Windows directory: C:\Windows
    22:16:37.0162 6344 System windows directory: C:\Windows
    22:16:37.0162 6344 Running under WOW64
    22:16:37.0162 6344 Processor architecture: Intel x64
    22:16:37.0162 6344 Number of processors: 4
    22:16:37.0162 6344 Page size: 0x1000
    22:16:37.0162 6344 Boot type: Normal boot
    22:16:37.0162 6344 ============================================================
    22:16:39.0492 6344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:16:39.0500 6344 ============================================================
    22:16:39.0500 6344 \Device\Harddisk0\DR0:
    22:16:39.0501 6344 MBR partitions:
    22:16:39.0501 6344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    22:16:39.0501 6344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x380DC800
    22:16:39.0501 6344 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38140800, BlocksNum 0x2211800
    22:16:39.0501 6344 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
    22:16:39.0501 6344 ============================================================
    22:16:39.0558 6344 C: <-> \Device\Harddisk0\DR0\Partition2
    22:16:39.0648 6344 D: <-> \Device\Harddisk0\DR0\Partition3
    22:16:39.0648 6344 ============================================================
    22:16:39.0648 6344 Initialize success
    22:16:39.0648 6344 ============================================================
    22:17:03.0402 4132 ============================================================
    22:17:03.0402 4132 Scan started
    22:17:03.0402 4132 Mode: Manual;
    22:17:03.0402 4132 ============================================================
    22:17:04.0844 4132 ================ Scan system memory ========================
    22:17:04.0844 4132 System memory - ok
    22:17:04.0845 4132 ================ Scan services =============================
    22:17:16.0372 4132 Ndisuio - ok
    22:17:16.0402 4132 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:17:16.0423 4132 NdisWan - ok
    22:17:16.0510 4132 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:17:16.0525 4132 NDProxy - ok
    22:17:16.0595 4132 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:17:16.0601 4132 NetBIOS - ok
    22:17:16.0686 4132 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:17:16.0694 4132 NetBT - ok
    22:17:16.0707 4132 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:17:16.0709 4132 Netlogon - ok
    22:17:16.0740 4132 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:17:16.0747 4132 Netman - ok
    22:17:16.0768 4132 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:17:16.0777 4132 netprofm - ok
    22:17:16.0802 4132 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:17:16.0806 4132 NetTcpPortSharing - ok
    22:17:16.0917 4132 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    22:17:17.0038 4132 netw5v64 - ok
    22:17:17.0081 4132 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    22:17:17.0083 4132 nfrd960 - ok
    22:17:17.0116 4132 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:17:17.0123 4132 NlaSvc - ok
    22:17:17.0195 4132 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    22:17:17.0289 4132 NOBU - ok
    22:17:17.0326 4132 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:17:17.0329 4132 Npfs - ok
    22:17:17.0349 4132 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:17:17.0369 4132 nsi - ok
    22:17:17.0383 4132 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:17:17.0386 4132 nsiproxy - ok
    22:17:17.0441 4132 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:17:17.0509 4132 Ntfs - ok
    22:17:17.0554 4132 [ 10694A19236A6355741914C3737CF3A5 ] ntk_dtv C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys
    22:17:17.0559 4132 ntk_dtv - ok
    22:17:17.0568 4132 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:17:17.0571 4132 Null - ok
    22:17:17.0601 4132 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:17:17.0606 4132 nvraid - ok
    22:17:17.0620 4132 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:17:17.0625 4132 nvstor - ok
    22:17:17.0657 4132 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:17:17.0661 4132 nv_agp - ok
    22:17:17.0674 4132 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:17:17.0678 4132 ohci1394 - ok
    22:17:17.0714 4132 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:17:17.0731 4132 ose - ok
    22:17:17.0860 4132 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    22:17:17.0994 4132 osppsvc - ok
    22:17:18.0024 4132 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:17:18.0030 4132 p2pimsvc - ok
    22:17:18.0055 4132 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:17:18.0063 4132 p2psvc - ok
    22:17:18.0087 4132 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    22:17:18.0091 4132 Parport - ok
    22:17:18.0116 4132 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:17:18.0119 4132 partmgr - ok
    22:17:18.0135 4132 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:17:18.0142 4132 PcaSvc - ok
    22:17:18.0155 4132 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:17:18.0160 4132 pci - ok
    22:17:18.0184 4132 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:17:18.0186 4132 pciide - ok
    22:17:18.0209 4132 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    22:17:18.0215 4132 pcmcia - ok
    22:17:18.0241 4132 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:17:18.0244 4132 pcw - ok
    22:17:18.0262 4132 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:17:18.0280 4132 PEAUTH - ok
    22:17:18.0357 4132 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:17:18.0362 4132 PerfHost - ok
    22:17:18.0434 4132 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:17:18.0492 4132 pla - ok
    22:17:18.0536 4132 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:17:18.0553 4132 PlugPlay - ok
    22:17:18.0577 4132 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:17:18.0603 4132 PNRPAutoReg - ok
    22:17:18.0627 4132 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:17:18.0631 4132 PNRPsvc - ok
    22:17:18.0655 4132 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:17:18.0664 4132 PolicyAgent - ok
    22:17:18.0698 4132 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:17:18.0705 4132 Power - ok
    22:17:18.0731 4132 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:17:18.0735 4132 PptpMiniport - ok
    22:17:18.0757 4132 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    22:17:18.0760 4132 Processor - ok
    22:17:18.0784 4132 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:17:18.0791 4132 ProfSvc - ok
    22:17:18.0811 4132 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:17:18.0813 4132 ProtectedStorage - ok
    22:17:18.0837 4132 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:17:18.0841 4132 Psched - ok
    22:17:18.0881 4132 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
    22:17:18.0883 4132 PSI - ok
    22:17:18.0923 4132 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    22:17:18.0957 4132 ql2300 - ok
    22:17:18.0976 4132 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    22:17:18.0980 4132 ql40xx - ok
    22:17:19.0000 4132 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:17:19.0018 4132 QWAVE - ok
    22:17:19.0044 4132 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:17:19.0047 4132 QWAVEdrv - ok
    22:17:19.0058 4132 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:17:19.0061 4132 RasAcd - ok
    22:17:19.0078 4132 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:17:19.0082 4132 RasAgileVpn - ok
    22:17:19.0098 4132 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:17:19.0112 4132 RasAuto - ok
    22:17:19.0141 4132 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:17:19.0145 4132 Rasl2tp - ok
    22:17:19.0170 4132 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:17:19.0179 4132 RasMan - ok
    22:17:19.0198 4132 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:17:19.0201 4132 RasPppoe - ok
    22:17:19.0210 4132 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:17:19.0213 4132 RasSstp - ok
    22:17:19.0240 4132 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:17:19.0246 4132 rdbss - ok
    22:17:19.0265 4132 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    22:17:19.0268 4132 rdpbus - ok
    22:17:19.0280 4132 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:17:19.0283 4132 RDPCDD - ok
    22:17:19.0301 4132 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:17:19.0303 4132 RDPENCDD - ok
    22:17:19.0313 4132 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:17:19.0315 4132 RDPREFMP - ok
    22:17:19.0336 4132 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:17:19.0353 4132 RDPWD - ok
    22:17:19.0389 4132 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:17:19.0394 4132 rdyboost - ok
    22:17:19.0431 4132 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:17:19.0436 4132 RemoteAccess - ok
    22:17:19.0460 4132 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:17:19.0466 4132 RemoteRegistry - ok
    22:17:19.0501 4132 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    22:17:19.0505 4132 RFCOMM - ok
    22:17:19.0525 4132 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:17:19.0529 4132 RpcEptMapper - ok
    22:17:19.0543 4132 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:17:19.0546 4132 RpcLocator - ok
    22:17:19.0574 4132 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:17:19.0579 4132 RpcSs - ok
    22:17:19.0601 4132 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:17:19.0604 4132 rspndr - ok
    22:17:19.0628 4132 [ 79BAD3E977966AF21DF982DEF5A99C76 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    22:17:19.0633 4132 RSUSBSTOR - ok
    22:17:19.0660 4132 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:17:19.0669 4132 RTL8167 - ok
    22:17:19.0713 4132 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    22:17:19.0720 4132 RtVOsdService - ok
    22:17:19.0735 4132 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:17:19.0737 4132 SamSs - ok
    22:17:19.0760 4132 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:17:19.0763 4132 sbp2port - ok
    22:17:19.0837 4132 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    22:17:19.0886 4132 SBSDWSCService - ok
    22:17:19.0918 4132 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:17:19.0925 4132 SCardSvr - ok
    22:17:19.0963 4132 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:17:19.0966 4132 scfilter - ok
    22:17:19.0997 4132 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:17:20.0023 4132 Schedule - ok
    22:17:20.0048 4132 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:17:20.0049 4132 SCPolicySvc - ok
    22:17:20.0083 4132 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    22:17:20.0086 4132 sdbus - ok
    22:17:20.0100 4132 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:17:20.0107 4132 SDRSVC - ok
    22:17:20.0141 4132 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:17:20.0144 4132 secdrv - ok
    22:17:20.0161 4132 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:17:20.0165 4132 seclogon - ok
    22:17:20.0257 4132 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    22:17:20.0299 4132 Secunia PSI Agent - ok
    22:17:20.0341 4132 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
    22:17:20.0362 4132 Secunia Update Agent - ok
    22:17:20.0392 4132 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    22:17:20.0396 4132 SENS - ok
    22:17:20.0413 4132 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:17:20.0447 4132 SensrSvc - ok
    22:17:20.0474 4132 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    22:17:20.0476 4132 Serenum - ok
    22:17:20.0499 4132 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    22:17:20.0502 4132 Serial - ok
    22:17:20.0513 4132 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    22:17:20.0516 4132 sermouse - ok
    22:17:20.0547 4132 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:17:20.0551 4132 SessionEnv - ok
    22:17:20.0574 4132 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:17:20.0576 4132 sffdisk - ok
    22:17:20.0590 4132 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:17:20.0593 4132 sffp_mmc - ok
    22:17:20.0605 4132 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:17:20.0607 4132 sffp_sd - ok
    22:17:20.0620 4132 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    22:17:20.0623 4132 sfloppy - ok
    22:17:20.0668 4132 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    22:17:20.0689 4132 Sftfs - ok
    22:17:20.0744 4132 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    22:17:20.0753 4132 sftlist - ok
    22:17:20.0772 4132 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    22:17:20.0778 4132 Sftplay - ok
    22:17:20.0791 4132 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    22:17:20.0794 4132 Sftredir - ok
    22:17:20.0810 4132 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    22:17:20.0812 4132 Sftvol - ok
    22:17:20.0831 4132 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    22:17:20.0836 4132 sftvsa - ok
    22:17:20.0884 4132 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    22:17:20.0916 4132 SharedAccess - ok
    22:17:20.0944 4132 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:17:20.0952 4132 ShellHWDetection - ok
    22:17:20.0982 4132 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:17:20.0985 4132 SiSRaid2 - ok
    22:17:21.0013 4132 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    22:17:21.0016 4132 SiSRaid4 - ok
    22:17:21.0054 4132 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    22:17:21.0059 4132 SkypeUpdate - ok
    22:17:21.0077 4132 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:17:21.0081 4132 Smb - ok
    22:17:21.0123 4132 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:17:21.0128 4132 SNMPTRAP - ok
    22:17:21.0143 4132 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:17:21.0146 4132 spldr - ok
    22:17:21.0176 4132 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    22:17:21.0218 4132 Spooler - ok
    22:17:21.0310 4132 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:17:21.0406 4132 sppsvc - ok
    22:17:21.0431 4132 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:17:21.0440 4132 sppuinotify - ok
    22:17:21.0463 4132 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:17:21.0472 4132 srv - ok
    22:17:21.0486 4132 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:17:21.0494 4132 srv2 - ok
    22:17:21.0521 4132 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    22:17:21.0528 4132 SrvHsfHDA - ok
    22:17:21.0565 4132 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    22:17:21.0600 4132 SrvHsfV92 - ok
    22:17:21.0625 4132 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    22:17:21.0646 4132 SrvHsfWinac - ok
    22:17:21.0667 4132 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:17:21.0673 4132 srvnet - ok
    22:17:21.0697 4132 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:17:21.0703 4132 SSDPSRV - ok
    22:17:21.0719 4132 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:17:21.0724 4132 SstpSvc - ok
    22:17:21.0746 4132 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    22:17:21.0749 4132 stexstor - ok
    22:17:21.0787 4132 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    22:17:21.0789 4132 StillCam - ok
    22:17:21.0815 4132 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:17:21.0846 4132 stisvc - ok
    22:17:21.0871 4132 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    22:17:21.0873 4132 swenum - ok
    22:17:21.0891 4132 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:17:21.0924 4132 swprv - ok
    22:17:21.0982 4132 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    22:17:22.0012 4132 SynTP - ok
    22:17:22.0053 4132 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:17:22.0096 4132 SysMain - ok
    22:17:22.0118 4132 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:17:22.0122 4132 TabletInputService - ok
    22:17:22.0140 4132 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:17:22.0148 4132 TapiSrv - ok
    22:17:22.0159 4132 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:17:22.0163 4132 TBS - ok
    22:17:22.0214 4132 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:17:22.0256 4132 Tcpip - ok
    22:17:22.0313 4132 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:17:22.0326 4132 TCPIP6 - ok
    22:17:22.0356 4132 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:17:22.0359 4132 tcpipreg - ok
    22:17:22.0385 4132 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:17:22.0388 4132 TDPIPE - ok
    22:17:22.0412 4132 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:17:22.0428 4132 TDTCP - ok
    22:17:22.0458 4132 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:17:22.0462 4132 tdx - ok
    22:17:22.0485 4132 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    22:17:22.0488 4132 TermDD - ok
    22:17:22.0514 4132 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:17:22.0535 4132 TermService - ok
    22:17:22.0551 4132 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:17:22.0555 4132 Themes - ok
    22:17:22.0576 4132 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:17:22.0578 4132 THREADORDER - ok
    22:17:22.0595 4132 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:17:22.0628 4132 TrkWks - ok
    22:17:22.0667 4132 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:17:22.0674 4132 TrustedInstaller - ok
    22:17:22.0697 4132 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:17:22.0700 4132 tssecsrv - ok
    22:17:22.0746 4132 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:17:22.0749 4132 TsUsbFlt - ok
    22:17:22.0775 4132 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:17:22.0779 4132 tunnel - ok
    22:17:22.0803 4132 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    22:17:22.0806 4132 uagp35 - ok
    22:17:22.0826 4132 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:17:22.0833 4132 udfs - ok
    22:17:22.0855 4132 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:17:22.0870 4132 UI0Detect - ok
    22:17:22.0909 4132 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:17:22.0938 4132 uliagpkx - ok
    22:17:22.0975 4132 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    22:17:22.0980 4132 umbus - ok
    22:17:23.0006 4132 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:17:23.0010 4132 UmPass - ok
    22:17:23.0195 4132 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    22:17:23.0270 4132 UNS - ok
    22:17:23.0313 4132 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:17:23.0322 4132 upnphost - ok
    22:17:23.0365 4132 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    22:17:23.0368 4132 USBAAPL64 - ok
    22:17:23.0386 4132 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:17:23.0390 4132 usbccgp - ok
    22:17:23.0406 4132 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:17:23.0409 4132 usbcir - ok
    22:17:23.0424 4132 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    22:17:23.0428 4132 usbehci - ok
    22:17:23.0445 4132 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:17:23.0452 4132 usbhub - ok
    22:17:23.0467 4132 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    22:17:23.0471 4132 usbohci - ok
    22:17:23.0499 4132 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    22:17:23.0513 4132 usbprint - ok
    22:17:23.0537 4132 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    22:17:23.0540 4132 usbscan - ok
    22:17:23.0558 4132 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:17:23.0562 4132 USBSTOR - ok
    22:17:23.0574 4132 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    22:17:23.0576 4132 usbuhci - ok
    22:17:23.0606 4132 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    22:17:23.0610 4132 usbvideo - ok
    22:17:23.0636 4132 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:17:23.0640 4132 UxSms - ok
    22:17:23.0646 4132 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:17:23.0648 4132 VaultSvc - ok
    22:17:23.0667 4132 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    22:17:23.0671 4132 vdrvroot - ok
    22:17:23.0694 4132 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    22:17:23.0712 4132 vds - ok
    22:17:23.0737 4132 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:17:23.0740 4132 vga - ok
    22:17:23.0753 4132 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:17:23.0756 4132 VgaSave - ok
    22:17:23.0774 4132 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    22:17:23.0780 4132 vhdmp - ok
    22:17:23.0796 4132 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    22:17:23.0799 4132 viaide - ok
    22:17:23.0820 4132 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    22:17:23.0823 4132 volmgr - ok
    22:17:23.0851 4132 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:17:23.0857 4132 volmgrx - ok
    22:17:23.0876 4132 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    22:17:23.0882 4132 volsnap - ok
    22:17:23.0922 4132 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    22:17:23.0931 4132 vsmraid - ok
    22:17:23.0977 4132 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    22:17:24.0008 4132 VSS - ok
    22:17:24.0025 4132 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    22:17:24.0027 4132 vwifibus - ok
    22:17:24.0056 4132 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    22:17:24.0059 4132 vwififlt - ok
    22:17:24.0088 4132 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:17:24.0096 4132 W32Time - ok
    22:17:24.0122 4132 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    22:17:24.0125 4132 WacomPen - ok
    22:17:24.0151 4132 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:17:24.0154 4132 WANARP - ok
    22:17:24.0158 4132 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:17:24.0160 4132 Wanarpv6 - ok
    22:17:24.0217 4132 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    22:17:24.0284 4132 WatAdminSvc - ok
    22:17:24.0334 4132 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    22:17:24.0407 4132 wbengine - ok
    22:17:24.0435 4132 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:17:24.0442 4132 WbioSrvc - ok
    22:17:24.0475 4132 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:17:24.0500 4132 wcncsvc - ok
    22:17:24.0513 4132 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:17:24.0541 4132 WcsPlugInService - ok
    22:17:24.0569 4132 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    22:17:24.0571 4132 Wd - ok
    22:17:24.0592 4132 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    22:17:24.0594 4132 WDC_SAM - ok
    22:17:24.0637 4132 [ EAB3C68E3C38646AC5D5225F9D943D12 ] WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    22:17:25.0140 4132 WDDMService.exe - ok
    22:17:25.0179 4132 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:17:25.0205 4132 Wdf01000 - ok
    22:17:25.0222 4132 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:17:25.0228 4132 WdiServiceHost - ok
    22:17:25.0235 4132 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:17:25.0238 4132 WdiSystemHost - ok
    22:17:25.0290 4132 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    22:17:25.0960 4132 WDSmartWareBackgroundService - ok
    22:17:25.0990 4132 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    22:17:25.0997 4132 WebClient - ok
    22:17:26.0020 4132 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:17:26.0027 4132 Wecsvc - ok
    22:17:26.0038 4132 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:17:26.0042 4132 wercplsupport - ok
    22:17:26.0066 4132 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:17:26.0070 4132 WerSvc - ok
    22:17:26.0108 4132 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:17:26.0110 4132 WfpLwf - ok
    22:17:26.0127 4132 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:17:26.0129 4132 WIMMount - ok
    22:17:26.0144 4132 WinHttpAutoProxySvc - ok
    22:17:26.0190 4132 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:17:26.0196 4132 Winmgmt - ok
    22:17:26.0246 4132 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    22:17:26.0297 4132 WinRM - ok
    22:17:26.0333 4132 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    22:17:26.0336 4132 WinUsb - ok
    22:17:26.0368 4132 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:17:26.0393 4132 Wlansvc - ok
    22:17:26.0521 4132 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:17:26.0580 4132 wlidsvc - ok
    22:17:26.0611 4132 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    22:17:26.0613 4132 WmiAcpi - ok
    22:17:26.0641 4132 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:17:26.0647 4132 wmiApSrv - ok
    22:17:26.0665 4132 WMPNetworkSvc - ok
    22:17:26.0690 4132 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:17:26.0723 4132 WPCSvc - ok
    22:17:26.0747 4132 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:17:26.0754 4132 WPDBusEnum - ok
    22:17:26.0774 4132 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:17:26.0776 4132 ws2ifsl - ok
    22:17:26.0782 4132 WSearch - ok
    22:17:26.0843 4132 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    22:17:26.0903 4132 wuauserv - ok
    22:17:26.0925 4132 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:17:26.0928 4132 WudfPf - ok
    22:17:26.0949 4132 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:17:26.0953 4132 WUDFRd - ok
    22:17:26.0970 4132 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:17:27.0013 4132 wudfsvc - ok
    22:17:27.0035 4132 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:17:27.0059 4132 WwanSvc - ok
    22:17:27.0093 4132 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    22:17:27.0102 4132 yukonw7 - ok
    22:17:27.0121 4132 ================ Scan global ===============================
    22:17:27.0141 4132 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:17:27.0163 4132 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    22:17:27.0175 4132 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    22:17:27.0194 4132 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:17:27.0212 4132 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:17:27.0219 4132 [Global] - ok
    22:17:27.0220 4132 ================ Scan MBR ==================================
    22:17:27.0229 4132 [ 33FC832430A67035AF985B98DB77DEF9 ] \Device\Harddisk0\DR0
    22:17:27.0522 4132 \Device\Harddisk0\DR0 - ok
    22:17:27.0523 4132 ================ Scan VBR ==================================
    22:17:27.0528 4132 [ 2FEB82B3A42E5476932B0D67585DFD49 ] \Device\Harddisk0\DR0\Partition1
    22:17:27.0533 4132 \Device\Harddisk0\DR0\Partition1 - ok
    22:17:27.0551 4132 [ F9F50A876598DDC86E2E5573E7E2E688 ] \Device\Harddisk0\DR0\Partition2
    22:17:27.0554 4132 \Device\Harddisk0\DR0\Partition2 - ok
    22:17:27.0588 4132 [ 4DCB12C6EA7A776D924BC5BECFCA9F71 ] \Device\Harddisk0\DR0\Partition3
    22:17:27.0592 4132 \Device\Harddisk0\DR0\Partition3 - ok
    22:17:27.0631 4132 [ DBA47EB2BBE554EDDD649EBB3863E592 ] \Device\Harddisk0\DR0\Partition4
    22:17:27.0633 4132 \Device\Harddisk0\DR0\Partition4 - ok
    22:17:27.0634 4132 ============================================================
    22:17:27.0634 4132 Scan finished
    22:17:27.0634 4132 ============================================================
    22:17:27.0738 6076 Detected object count: 0
    22:17:27.0738 6076 Actual detected object count: 0
    22:17:45.0894 6572 ============================================================
    22:17:45.0894 6572 Scan started
    22:17:45.0894 6572 Mode: Manual;
    22:17:45.0894 6572 ============================================================
    22:17:46.0324 6572 ================ Scan system memory ========================
    22:17:46.0324 6572 System memory - ok
    22:17:46.0325 6572 ================ Scan services =============================
    22:17:46.0514 6572 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    22:17:46.0517 6572 1394ohci - ok
    22:17:46.0539 6572 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    22:17:46.0543 6572 ACPI - ok
    22:17:46.0565 6572 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    22:17:46.0566 6572 AcpiPmi - ok
    22:17:46.0657 6572 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:17:46.0659 6572 AdobeARMservice - ok
    22:17:46.0769 6572 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:17:46.0773 6572 AdobeFlashPlayerUpdateSvc - ok
    22:17:46.0807 6572 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    22:17:46.0811 6572 adp94xx - ok
    22:17:46.0832 6572 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    22:17:46.0835 6572 adpahci - ok
    22:17:46.0856 6572 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    22:17:46.0857 6572 adpu320 - ok
    22:17:46.0879 6572 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:17:46.0881 6572 AeLookupSvc - ok
    22:17:46.0934 6572 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    22:17:46.0935 6572 AERTFilters - ok
    22:17:46.0966 6572 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    22:17:46.0970 6572 AFD - ok
    22:17:47.0013 6572 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    22:17:47.0022 6572 AgereSoftModem - ok
    22:17:47.0053 6572 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    22:17:47.0054 6572 agp440 - ok
    22:17:47.0068 6572 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:17:47.0069 6572 ALG - ok
    22:17:47.0084 6572 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    22:17:47.0084 6572 aliide - ok
    22:17:47.0096 6572 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    22:17:47.0096 6572 amdide - ok
    22:17:47.0128 6572 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    22:17:47.0130 6572 AmdK8 - ok
    22:17:47.0139 6572 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    22:17:47.0140 6572 AmdPPM - ok
    22:17:47.0166 6572 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    22:17:47.0167 6572 amdsata - ok
    22:17:47.0194 6572 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    22:17:47.0195 6572 amdsbs - ok
    22:17:47.0212 6572 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    22:17:47.0213 6572 amdxata - ok
    22:17:47.0240 6572 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    22:17:47.0241 6572 AppID - ok
    22:17:47.0259 6572 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:17:47.0260 6572 AppIDSvc - ok
    22:17:47.0287 6572 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    22:17:47.0288 6572 Appinfo - ok
    22:17:47.0342 6572 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:17:47.0344 6572 Apple Mobile Device - ok
    22:17:47.0371 6572 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    22:17:47.0372 6572 arc - ok
    22:17:47.0395 6572 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    22:17:47.0397 6572 arcsas - ok
    22:17:47.0408 6572 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:17:47.0409 6572 AsyncMac - ok
    22:17:47.0427 6572 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    22:17:47.0427 6572 atapi - ok
    22:17:47.0474 6572 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    22:17:47.0483 6572 athr - ok
    22:17:47.0509 6572 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:17:47.0516 6572 AudioEndpointBuilder - ok
    22:17:47.0534 6572 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:17:47.0539 6572 AudioSrv - ok
    22:17:47.0686 6572 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    22:17:47.0717 6572 AVGIDSAgent - ok
    22:17:47.0757 6572 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    22:17:47.0760 6572 AVGIDSDriver - ok
    22:17:47.0786 6572 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    22:17:47.0788 6572 AVGIDSHA - ok
    22:17:47.0807 6572 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    22:17:47.0810 6572 Avgldx64 - ok
    22:17:47.0830 6572 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
    22:17:47.0833 6572 Avgloga - ok
    22:17:47.0858 6572 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    22:17:47.0860 6572 Avgmfx64 - ok
    22:17:47.0871 6572 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    22:17:47.0872 6572 Avgrkx64 - ok
    22:17:47.0892 6572 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    22:17:47.0894 6572 Avgtdia - ok
    22:17:47.0925 6572 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    22:17:47.0931 6572 avgwd - ok
    22:17:47.0955 6572 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:17:47.0956 6572 AxInstSV - ok
    22:17:47.0988 6572 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    22:17:47.0990 6572 b06bdrv - ok
    22:17:48.0013 6572 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:17:48.0015 6572 b57nd60a - ok
    22:17:48.0084 6572 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    22:17:48.0101 6572 BCM43XX - ok
    22:17:48.0136 6572 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:17:48.0137 6572 BDESVC - ok
    22:17:48.0145 6572 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:17:48.0146 6572 Beep - ok
    22:17:48.0188 6572 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    22:17:48.0192 6572 BFE - ok
    22:17:48.0342 6572 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    22:17:48.0354 6572 BITS - ok
    22:17:48.0381 6572 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    22:17:48.0382 6572 blbdrive - ok
    22:17:48.0422 6572 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    22:17:48.0427 6572 Bonjour Service - ok
    22:17:48.0452 6572 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:17:48.0453 6572 bowser - ok
    22:17:48.0465 6572 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    22:17:48.0466 6572 BrFiltLo - ok
    22:17:48.0485 6572 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    22:17:48.0485 6572 BrFiltUp - ok
    22:17:48.0505 6572 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    22:17:48.0507 6572 BridgeMP - ok
    22:17:48.0533 6572 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    22:17:48.0535 6572 Browser - ok
    22:17:48.0552 6572 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    22:17:48.0555 6572 Brserid - ok
    22:17:48.0586 6572 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    22:17:48.0587 6572 BrSerWdm - ok
    22:17:48.0597 6572 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:17:48.0597 6572 BrUsbMdm - ok
    22:17:48.0612 6572 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    22:17:48.0612 6572 BrUsbSer - ok
    22:17:48.0636 6572 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    22:17:48.0637 6572 BthEnum - ok
    22:17:48.0650 6572 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    22:17:48.0651 6572 BTHMODEM - ok
    22:17:48.0677 6572 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    22:17:48.0678 6572 BthPan - ok
    22:17:48.0706 6572 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
    22:17:48.0710 6572 BTHPORT - ok
    22:17:48.0737 6572 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    22:17:48.0738 6572 bthserv - ok
    22:17:48.0759 6572 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    22:17:48.0760 6572 BTHUSB - ok
    22:17:48.0785 6572 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS
    22:17:48.0786 6572 BVRPMPR5a64 - ok
    22:17:48.0801 6572 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    22:17:48.0802 6572 cdfs - ok
    22:17:48.0833 6572 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    22:17:48.0835 6572 cdrom - ok
    22:17:48.0856 6572 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    22:17:48.0857 6572 CertPropSvc - ok
    22:17:48.0895 6572 [ 533328A3D9A9C286682525842547540C ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    22:17:48.0897 6572 CinemaNow Service - ok
    22:17:48.0909 6572 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    22:17:48.0910 6572 circlass - ok
    22:17:48.0954 6572 [ 6C99DE57C87D6F3EE85998A7E49F7BF9 ] CLDTVHNService C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
    22:17:48.0956 6572 CLDTVHNService - ok
    22:17:48.0979 6572 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    22:17:48.0982 6572 CLFS - ok
    22:17:49.0042 6572 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:17:49.0044 6572 clr_optimization_v2.0.50727_32 - ok
    22:17:49.0082 6572 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:17:49.0084 6572 clr_optimization_v2.0.50727_64 - ok
    22:17:49.0135 6572 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:17:49.0137 6572 clr_optimization_v4.0.30319_32 - ok
    22:17:49.0171 6572 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:17:49.0172 6572 clr_optimization_v4.0.30319_64 - ok
    22:17:49.0191 6572 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
    22:17:49.0191 6572 clwvd - ok
    22:17:49.0218 6572 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    22:17:49.0219 6572 CmBatt - ok
    22:17:49.0243 6572 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    22:17:49.0244 6572 cmdide - ok
    22:17:49.0273 6572 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    22:17:49.0276 6572 CNG - ok
    22:17:49.0285 6572 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    22:17:49.0285 6572 Compbatt - ok
    22:17:49.0305 6572 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    22:17:49.0306 6572 CompositeBus - ok
    22:17:49.0311 6572 COMSysApp - ok
    22:17:49.0331 6572 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    22:17:49.0332 6572 crcdisk - ok
    22:17:49.0357 6572 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    22:17:49.0359 6572 CryptSvc - ok
    22:17:49.0380 6572 [ EB7439918F3E04B51CD8822FD8C8E018 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
    22:17:49.0381 6572 ctxusbm - ok
    22:17:49.0444 6572 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    22:17:49.0454 6572 cvhsvc - ok
    22:17:49.0488 6572 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    22:17:49.0493 6572 DcomLaunch - ok
    22:17:49.0526 6572 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    22:17:49.0528 6572 defragsvc - ok
    22:17:49.0550 6572 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    22:17:49.0551 6572 DfsC - ok
    22:17:49.0568 6572 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    22:17:49.0570 6572 Dhcp - ok
    22:17:49.0596 6572 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    22:17:49.0597 6572 discache - ok
    22:17:49.0608 6572 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    22:17:49.0609 6572 Disk - ok
    22:17:49.0639 6572 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    22:17:49.0640 6572 Dnscache - ok
    22:17:49.0667 6572 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    22:17:49.0669 6572 dot3svc - ok
    22:17:49.0699 6572 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    22:17:49.0700 6572 DPS - ok
    22:17:49.0711 6572 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    22:17:49.0712 6572 drmkaud - ok
    22:17:49.0742 6572 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    22:17:49.0749 6572 DXGKrnl - ok
    22:17:49.0770 6572 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    22:17:49.0772 6572 EapHost - ok
    22:17:49.0855 6572 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    22:17:49.0878 6572 ebdrv - ok
    22:17:49.0896 6572 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    22:17:49.0898 6572 EFS - ok
    22:17:49.0941 6572 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    22:17:49.0945 6572 ehRecvr - ok
    22:17:49.0965 6572 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    22:17:49.0966 6572 ehSched - ok
    22:17:49.0991 6572 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    22:17:49.0995 6572 elxstor - ok
    22:17:50.0004 6572 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    22:17:50.0004 6572 ErrDev - ok
    22:17:50.0029 6572 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    22:17:50.0032 6572 EventSystem - ok
    22:17:50.0049 6572 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    22:17:50.0051 6572 exfat - ok
    22:17:50.0071 6572 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    22:17:50.0073 6572 fastfat - ok
    22:17:50.0114 6572 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    22:17:50.0119 6572 Fax - ok
    22:17:50.0136 6572 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    22:17:50.0137 6572 fdc - ok
    22:17:50.0153 6572 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    22:17:50.0154 6572 fdPHost - ok
    22:17:50.0164 6572 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    22:17:50.0165 6572 FDResPub - ok
    22:17:50.0173 6572 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    22:17:50.0174 6572 FileInfo - ok
    22:17:50.0187 6572 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    22:17:50.0188 6572 Filetrace - ok
    22:17:50.0205 6572 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    22:17:50.0205 6572 flpydisk - ok
    22:17:50.0224 6572 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    22:17:50.0226 6572 FltMgr - ok
    22:17:50.0263 6572 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
    22:17:50.0269 6572 FontCache - ok
    22:17:50.0304 6572 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:17:50.0305 6572 FontCache3.0.0.0 - ok
    22:17:50.0321 6572 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    22:17:50.0322 6572 FsDepends - ok
    22:17:50.0343 6572 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    22:17:50.0344 6572 Fs_Rec - ok
    22:17:50.0368 6572 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    22:17:50.0370 6572 fvevol - ok
    22:17:50.0388 6572 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    22:17:50.0389 6572 gagp30kx - ok
    22:17:50.0429 6572 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    22:17:50.0431 6572 GameConsoleService - ok
    22:17:50.0449 6572 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:17:50.0450 6572 GEARAspiWDM - ok
    22:17:50.0480 6572 [ 78DF6B481A14C0C6532BCC9E6BD3B259 ] GKUPRO2D C:\Windows\system32\Drivers\GKUPRO2D.sys
    22:17:50.0481 6572 GKUPRO2D - ok
    22:17:50.0526 6572 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    22:17:50.0532 6572 gpsvc - ok
    22:17:50.0562 6572 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:17:50.0563 6572 gupdate - ok
    22:17:50.0570 6572 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:17:50.0572 6572 gupdatem - ok
    22:17:50.0595 6572 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    22:17:50.0597 6572 gusvc - ok
    22:17:50.0617 6572 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    22:17:50.0618 6572 hcw85cir - ok
    22:17:50.0640 6572 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:17:50.0643 6572 HdAudAddService - ok
    22:17:50.0659 6572 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    22:17:50.0660 6572 HDAudBus - ok
    22:17:50.0685 6572 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    22:17:50.0686 6572 HECIx64 - ok
    22:17:50.0699 6572 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    22:17:50.0700 6572 HidBatt - ok
    22:17:50.0716 6572 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    22:17:50.0718 6572 HidBth - ok
    22:17:50.0748 6572 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    22:17:50.0749 6572 HidIr - ok
    22:17:50.0774 6572 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    22:17:50.0775 6572 hidserv - ok
    22:17:50.0790 6572 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    22:17:50.0791 6572 HidUsb - ok
    22:17:50.0815 6572 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    22:17:50.0817 6572 hkmsvc - ok
    22:17:50.0846 6572 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    22:17:50.0849 6572 HomeGroupListener - ok
    22:17:50.0861 6572 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    22:17:50.0864 6572 HomeGroupProvider - ok
    22:17:50.0926 6572 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    22:17:50.0928 6572 HP Support Assistant Service - ok
    22:17:50.0965 6572 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    22:17:50.0967 6572 HP Wireless Assistant Service - ok
    22:17:51.0005 6572 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    22:17:51.0015 6572 hpqwmiex - ok
    22:17:51.0043 6572 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    22:17:51.0044 6572 HpSAMD - ok
    22:17:51.0083 6572 [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    22:17:51.0084 6572 HPWMISVC - ok
    22:17:51.0128 6572 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    22:17:51.0135 6572 HTTP - ok
    22:17:51.0156 6572 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    22:17:51.0157 6572 hwpolicy - ok
    22:17:51.0176 6572 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    22:17:51.0177 6572 i8042prt - ok
    22:17:51.0198 6572 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    22:17:51.0202 6572 iaStor - ok
    22:17:51.0245 6572 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    22:17:51.0245 6572 IAStorDataMgrSvc - ok
    22:17:51.0263 6572 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    22:17:51.0265 6572 iaStorV - ok
    22:17:51.0312 6572 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:17:51.0317 6572 idsvc - ok
    22:17:51.0516 6572 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    22:17:51.0571 6572 igfx - ok
    22:17:51.0612 6572 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    22:17:51.0613 6572 iirsp - ok
    22:17:51.0650 6572 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    22:17:51.0656 6572 IKEEXT - ok
    22:17:51.0716 6572 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    22:17:51.0731 6572 IntcAzAudAddService - ok
    22:17:51.0771 6572 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    22:17:51.0773 6572 IntcDAud - ok
    22:17:51.0791 6572 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    22:17:51.0792 6572 intelide - ok
    22:17:51.0804 6572 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    22:17:51.0805 6572 intelppm - ok
    22:17:51.0829 6572 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    22:17:51.0831 6572 IPBusEnum - ok
    22:17:51.0851 6572 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:17:51.0852 6572 IpFilterDriver - ok
    22:17:51.0873 6572 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    22:17:51.0874 6572 IPMIDRV - ok
    22:17:51.0886 6572 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    22:17:51.0888 6572 IPNAT - ok
    22:17:51.0927 6572 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    22:17:51.0931 6572 iPod Service - ok
    22:17:51.0941 6572 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    22:17:51.0942 6572 IRENUM - ok
    22:17:51.0961 6572 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    22:17:51.0962 6572 isapnp - ok
    22:17:51.0976 6572 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    22:17:51.0978 6572 iScsiPrt - ok
    22:17:51.0992 6572 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    22:17:51.0993 6572 kbdclass - ok
    22:17:52.0005 6572 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    22:17:52.0006 6572 kbdhid - ok
    22:17:52.0017 6572 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    22:17:52.0018 6572 KeyIso - ok
    22:17:52.0039 6572 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    22:17:52.0040 6572 KSecDD - ok
    22:17:52.0065 6572 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    22:17:52.0066 6572 KSecPkg - ok
    22:17:52.0175 6572 [ E47FFCA0909871AC1BFF0D446FF63CA9 ] KSS C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    22:17:52.0177 6572 KSS - ok
    22:17:52.0199 6572 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    22:17:52.0199 6572 ksthunk - ok
    22:17:52.0232 6572 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    22:17:52.0236 6572 KtmRm - ok
    22:17:52.0265 6572 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    22:17:52.0267 6572 LanmanServer - ok
    22:17:52.0299 6572 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:17:52.0301 6572 LanmanWorkstation - ok
    22:17:52.0342 6572 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    22:17:52.0344 6572 LightScribeService - ok
    22:17:52.0361 6572 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    22:17:52.0362 6572 lltdio - ok
    22:17:52.0397 6572 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    22:17:52.0401 6572 lltdsvc - ok
    22:17:52.0420 6572 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    22:17:52.0422 6572 lmhosts - ok
    22:17:52.0470 6572 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    22:17:52.0474 6572 LMS - ok
    22:17:52.0510 6572 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    22:17:52.0512 6572 LSI_FC - ok
    22:17:52.0544 6572 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    22:17:52.0546 6572 LSI_SAS - ok
    22:17:52.0562 6572 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    22:17:52.0563 6572 LSI_SAS2 - ok
    22:17:52.0582 6572 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    22:17:52.0583 6572 LSI_SCSI - ok
    22:17:52.0600 6572 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    22:17:52.0602 6572 luafv - ok
    22:17:52.0626 6572 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    22:17:52.0628 6572 Mcx2Svc - ok
    22:17:52.0651 6572 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    22:17:52.0652 6572 megasas - ok
    22:17:52.0667 6572 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    22:17:52.0669 6572 MegaSR - ok
    22:17:52.0696 6572 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    22:17:52.0697 6572 MMCSS - ok
    22:17:52.0708 6572 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    22:17:52.0709 6572 Modem - ok
    22:17:52.0724 6572 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    22:17:52.0725 6572 monitor - ok
    22:17:52.0748 6572 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    22:17:52.0749 6572 mouclass - ok
    22:17:52.0763 6572 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    22:17:52.0764 6572 mouhid - ok
    22:17:52.0783 6572 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    22:17:52.0784 6572 mountmgr - ok
    22:17:52.0825 6572 [ 7E164DE3EE617E3A7EAD9ADB471D6AAD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:17:52.0827 6572 MozillaMaintenance - ok
    22:17:52.0855 6572 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    22:17:52.0858 6572 mpio - ok
    22:17:52.0875 6572 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:17:52.0877 6572 mpsdrv - ok
    22:17:52.0917 6572 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    22:17:52.0926 6572 MpsSvc - ok
    22:17:52.0951 6572 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:17:52.0952 6572 MRxDAV - ok
    22:17:52.0972 6572 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:17:52.0973 6572 mrxsmb - ok
    22:17:53.0002 6572 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:17:53.0004 6572 mrxsmb10 - ok
    22:17:53.0016 6572 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:17:53.0017 6572 mrxsmb20 - ok
    22:17:53.0026 6572 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:17:53.0027 6572 msahci - ok
    22:17:53.0045 6572 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:17:53.0047 6572 msdsm - ok
    22:17:53.0071 6572 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:17:53.0073 6572 MSDTC - ok
    22:17:53.0097 6572 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:17:53.0098 6572 Msfs - ok
    22:17:53.0110 6572 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:17:53.0111 6572 mshidkmdf - ok
    22:17:53.0120 6572 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:17:53.0120 6572 msisadrv - ok
    22:17:53.0148 6572 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:17:53.0150 6572 MSiSCSI - ok
    22:17:53.0153 6572 msiserver - ok
    22:17:53.0165 6572 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:17:53.0166 6572 MSKSSRV - ok
    22:17:53.0180 6572 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:17:53.0180 6572 MSPCLOCK - ok
    22:17:53.0191 6572 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:17:53.0192 6572 MSPQM - ok
    22:17:53.0222 6572 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:17:53.0225 6572 MsRPC - ok
    22:17:53.0237 6572 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    22:17:53.0238 6572 mssmbios - ok
    22:17:53.0243 6572 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:17:53.0243 6572 MSTEE - ok
    22:17:53.0253 6572 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    22:17:53.0254 6572 MTConfig - ok
    22:17:53.0271 6572 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:17:53.0272 6572 Mup - ok
    22:17:53.0303 6572 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    22:17:53.0307 6572 napagent - ok
    22:17:53.0327 6572 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:17:53.0329 6572 NativeWifiP - ok
    22:17:53.0371 6572 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:17:53.0377 6572 NDIS - ok
    22:17:53.0390 6572 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:17:53.0391 6572 NdisCap - ok
    22:17:53.0403 6572 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:17:53.0404 6572 NdisTapi - ok
    22:17:53.0428 6572 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:17:53.0429 6572 Ndisuio - ok
    22:17:53.0452 6572 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:17:53.0453 6572 NdisWan - ok
    22:17:53.0485 6572 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:17:53.0486 6572 NDProxy - ok
    22:17:53.0496 6572 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:17:53.0497 6572 NetBIOS - ok
    22:17:53.0521 6572 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:17:53.0524 6572 NetBT - ok
    22:17:53.0535 6572 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:17:53.0536 6572 Netlogon - ok
    22:17:53.0559 6572 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:17:53.0563 6572 Netman - ok
    22:17:53.0580 6572 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:17:53.0584 6572 netprofm - ok
    22:17:53.0613 6572 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:17:53.0615 6572 NetTcpPortSharing - ok
    22:17:53.0722 6572 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    22:17:53.0750 6572 netw5v64 - ok
    22:17:53.0785 6572 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    22:17:53.0785 6572 nfrd960 - ok
    22:17:53.0811 6572 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:17:53.0814 6572 NlaSvc - ok
    22:17:53.0883 6572 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    22:17:53.0901 6572 NOBU - ok
    22:17:53.0923 6572 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:17:53.0924 6572 Npfs - ok
    22:17:53.0938 6572 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:17:53.0939 6572 nsi - ok
    22:17:53.0947 6572 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:17:53.0947 6572 nsiproxy - ok
    22:17:53.0994 6572 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:17:54.0005 6572 Ntfs - ok
    22:17:54.0027 6572 [ 10694A19236A6355741914C3737CF3A5 ] ntk_dtv C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys
    22:17:54.0028 6572 ntk_dtv - ok
    22:17:54.0041 6572 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:17:54.0042 6572 Null - ok
    22:17:54.0074 6572 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:17:54.0075 6572 nvraid - ok
    22:17:54.0092 6572 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:17:54.0094 6572 nvstor - ok
    22:17:54.0113 6572 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:17:54.0114 6572 nv_agp - ok
    22:17:54.0139 6572 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:17:54.0140 6572 ohci1394 - ok
    22:17:54.0171 6572 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:17:54.0172 6572 ose - ok
    22:17:54.0324 6572 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    22:17:54.0350 6572 osppsvc - ok
    22:17:54.0389 6572 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:17:54.0393 6572 p2pimsvc - ok
    22:17:54.0421 6572 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:17:54.0425 6572 p2psvc - ok
    22:17:54.0452 6572 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    22:17:54.0453 6572 Parport - ok
    22:17:54.0482 6572 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:17:54.0483 6572 partmgr - ok
    22:17:54.0501 6572 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:17:54.0503 6572 PcaSvc - ok
    22:17:54.0520 6572 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:17:54.0522 6572 pci - ok
    22:17:54.0549 6572 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:17:54.0550 6572 pciide - ok
    22:17:54.0583 6572 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    22:17:54.0585 6572 pcmcia - ok
    22:17:54.0607 6572 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:17:54.0608 6572 pcw - ok
    22:17:54.0628 6572 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:17:54.0633 6572 PEAUTH - ok
    22:17:54.0706 6572 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:17:54.0708 6572 PerfHost - ok
    22:17:54.0768 6572 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:17:54.0781 6572 pla - ok
    22:17:54.0828 6572 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:17:54.0833 6572 PlugPlay - ok
    22:17:54.0852 6572 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:17:54.0854 6572 PNRPAutoReg - ok
    22:17:54.0868 6572 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:17:54.0872 6572 PNRPsvc - ok
    22:17:54.0896 6572 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:17:54.0901 6572 PolicyAgent - ok
    22:17:54.0931 6572 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:17:54.0935 6572 Power - ok
    22:17:54.0948 6572 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:17:54.0949 6572 PptpMiniport - ok
    22:17:54.0974 6572 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    22:17:54.0975 6572 Processor - ok
    22:17:55.0001 6572 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:17:55.0005 6572 ProfSvc - ok
    22:17:55.0020 6572 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:17:55.0022 6572 ProtectedStorage - ok
    22:17:55.0054 6572 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:17:55.0056 6572 Psched - ok
    22:17:55.0081 6572 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
    22:17:55.0082 6572 PSI - ok
    22:17:55.0125 6572 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    22:17:55.0137 6572 ql2300 - ok
    22:17:55.0176 6572 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    22:17:55.0178 6572 ql40xx - ok
    22:17:55.0200 6572 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:17:55.0204 6572 QWAVE - ok
    22:17:55.0228 6572 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:17:55.0229 6572 QWAVEdrv - ok
    22:17:55.0242 6572 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:17:55.0243 6572 RasAcd - ok
    22:17:55.0254 6572 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:17:55.0255 6572 RasAgileVpn - ok
    22:17:55.0266 6572 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:17:55.0269 6572 RasAuto - ok
    22:17:55.0285 6572 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:17:55.0287 6572 Rasl2tp - ok
    22:17:55.0313 6572 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:17:55.0317 6572 RasMan - ok
    22:17:55.0332 6572 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:17:55.0334 6572 RasPppoe - ok
    22:17:55.0345 6572 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:17:55.0346 6572 RasSstp - ok
    22:17:55.0357 6572 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:17:55.0360 6572 rdbss - ok
    22:17:55.0374 6572 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    22:17:55.0375 6572 rdpbus - ok
    22:17:55.0390 6572 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:17:55.0390 6572 RDPCDD - ok
    22:17:55.0402 6572 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:17:55.0403 6572 RDPENCDD - ok
    22:17:55.0414 6572 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:17:55.0415 6572 RDPREFMP - ok
    22:17:55.0438 6572 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:17:55.0439 6572 RDPWD - ok
    22:17:55.0466 6572 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:17:55.0467 6572 rdyboost - ok
    22:17:55.0491 6572 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:17:55.0493 6572 RemoteAccess - ok
    22:17:55.0520 6572 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:17:55.0523 6572 RemoteRegistry - ok
    22:17:55.0545 6572 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    22:17:55.0547 6572 RFCOMM - ok
    22:17:55.0561 6572 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:17:55.0563 6572 RpcEptMapper - ok
    22:17:55.0570 6572 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:17:55.0572 6572 RpcLocator - ok
    22:17:55.0602 6572 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:17:55.0606 6572 RpcSs - ok
    22:17:55.0629 6572 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:17:55.0630 6572 rspndr - ok
    22:17:55.0647 6572 [ 79BAD3E977966AF21DF982DEF5A99C76 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    22:17:55.0649 6572 RSUSBSTOR - ok
    22:17:55.0679 6572 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:17:55.0683 6572 RTL8167 - ok
    22:17:55.0724 6572 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    22:17:55.0726 6572 RtVOsdService - ok
    22:17:55.0738 6572 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:17:55.0739 6572 SamSs - ok
    22:17:55.0762 6572 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:17:55.0764 6572 sbp2port - ok
    22:17:55.0822 6572 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    22:17:55.0830 6572 SBSDWSCService - ok
    22:17:55.0859 6572 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:17:55.0862 6572 SCardSvr - ok
    22:17:55.0883 6572 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:17:55.0884 6572 scfilter - ok
    22:17:55.0917 6572 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:17:55.0928 6572 Schedule - ok
    22:17:55.0968 6572 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:17:55.0969 6572 SCPolicySvc - ok
    22:17:55.0994 6572 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    22:17:55.0995 6572 sdbus - ok
    22:17:56.0012 6572 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:17:56.0014 6572 SDRSVC - ok
    22:17:56.0037 6572 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:17:56.0037 6572 secdrv - ok
    22:17:56.0065 6572 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:17:56.0067 6572 seclogon - ok
    22:17:56.0135 6572 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    22:17:56.0152 6572 Secunia PSI Agent - ok
    22:17:56.0185 6572 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
    22:17:56.0189 6572 Secunia Update Agent - ok
    22:17:56.0213 6572 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    22:17:56.0215 6572 SENS - ok
    22:17:56.0226 6572 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:17:56.0227 6572 SensrSvc - ok
    22:17:56.0245 6572 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    22:17:56.0246 6572 Serenum - ok
    22:17:56.0270 6572 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    22:17:56.0271 6572 Serial - ok
    22:17:56.0284 6572 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    22:17:56.0285 6572 sermouse - ok
    22:17:56.0310 6572 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:17:56.0312 6572 SessionEnv - ok
    22:17:56.0337 6572 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:17:56.0338 6572 sffdisk - ok
    22:17:56.0345 6572 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:17:56.0346 6572 sffp_mmc - ok
    22:17:56.0360 6572 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:17:56.0361 6572 sffp_sd - ok
    22:17:56.0384 6572 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    22:17:56.0384 6572 sfloppy - ok
    22:17:56.0414 6572 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    22:17:56.0418 6572 Sftfs - ok
    22:17:56.0457 6572 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    22:17:56.0460 6572 sftlist - ok
    22:17:56.0477 6572 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    22:17:56.0479 6572 Sftplay - ok
    22:17:56.0489 6572 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    22:17:56.0489 6572 Sftredir - ok
    22:17:56.0499 6572 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    22:17:56.0499 6572 Sftvol - ok
    22:17:56.0511 6572 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    22:17:56.0513 6572 sftvsa - ok
    22:17:56.0541 6572 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    22:17:56.0544 6572 SharedAccess - ok
    22:17:56.0575 6572 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:17:56.0579 6572 ShellHWDetection - ok
    22:17:56.0605 6572 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:17:56.0606 6572 SiSRaid2 - ok
    22:17:56.0636 6572 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    22:17:56.0637 6572 SiSRaid4 - ok
    22:17:56.0677 6572 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    22:17:56.0678 6572 SkypeUpdate - ok
    22:17:56.0691 6572 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:17:56.0692 6572 Smb - ok
    22:17:56.0722 6572 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:17:56.0724 6572 SNMPTRAP - ok
    22:17:56.0732 6572 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:17:56.0733 6572 spldr - ok
    22:17:56.0766 6572 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    22:17:56.0772 6572 Spooler - ok
    22:17:56.0853 6572 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:17:56.0875 6572 sppsvc - ok
    22:17:56.0905 6572 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:17:56.0907 6572 sppuinotify - ok
    22:17:56.0938 6572 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:17:56.0941 6572 srv - ok
    22:17:56.0961 6572 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:17:56.0964 6572 srv2 - ok
    22:17:56.0979 6572 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    22:17:56.0981 6572 SrvHsfHDA - ok
    22:17:57.0022 6572 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    22:17:57.0031 6572 SrvHsfV92 - ok
    22:17:57.0066 6572 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    22:17:57.0071 6572 SrvHsfWinac - ok
    22:17:57.0084 6572 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:17:57.0086 6572 srvnet - ok
    22:17:57.0097 6572 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:17:57.0100 6572 SSDPSRV - ok
    22:17:57.0111 6572 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:17:57.0113 6572 SstpSvc - ok
    22:17:57.0146 6572 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    22:17:57.0147 6572 stexstor - ok
    22:17:57.0170 6572 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    22:17:57.0171 6572 StillCam - ok
    22:17:57.0198 6572 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:17:57.0204 6572 stisvc - ok
    22:17:57.0230 6572 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    22:17:57.0230 6572 swenum - ok
    22:17:57.0274 6572 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:17:57.0279 6572 swprv - ok
    22:17:57.0335 6572 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    22:17:57.0345 6572 SynTP - ok
    22:17:57.0412 6572 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:17:57.0430 6572 SysMain - ok
    22:17:57.0452 6572 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:17:57.0454 6572 TabletInputService - ok
    22:17:57.0482 6572 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:17:57.0485 6572 TapiSrv - ok
    22:17:57.0493 6572 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:17:57.0495 6572 TBS - ok
    22:17:57.0558 6572 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:17:57.0572 6572 Tcpip - ok
    22:17:57.0641 6572 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:17:57.0660 6572 TCPIP6 - ok
    22:17:57.0682 6572 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:17:57.0683 6572 tcpipreg - ok
    22:17:57.0711 6572 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:17:57.0712 6572 TDPIPE - ok
    22:17:57.0738 6572 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:17:57.0739 6572 TDTCP - ok
    22:17:57.0759 6572 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:17:57.0761 6572 tdx - ok
    22:17:57.0786 6572 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    22:17:57.0787 6572 TermDD - ok
    22:17:57.0807 6572 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:17:57.0813 6572 TermService - ok
    22:17:57.0835 6572 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:17:57.0837 6572 Themes - ok
    22:17:57.0860 6572 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:17:57.0862 6572 THREADORDER - ok
    22:17:57.0871 6572 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:17:57.0874 6572 TrkWks - ok
    22:17:57.0918 6572 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:17:57.0920 6572 TrustedInstaller - ok
    22:17:57.0949 6572 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:17:57.0950 6572 tssecsrv - ok
    22:17:57.0973 6572 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:17:57.0974 6572 TsUsbFlt - ok
    22:17:57.0994 6572 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:17:57.0995 6572 tunnel - ok
    22:17:58.0021 6572 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    22:17:58.0022 6572 uagp35 - ok
    22:17:58.0044 6572 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:17:58.0047 6572 udfs - ok
    22:17:58.0065 6572 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:17:58.0068 6572 UI0Detect - ok
    22:17:58.0086 6572 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:17:58.0087 6572 uliagpkx - ok
    22:17:58.0103 6572 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    22:17:58.0104 6572 umbus - ok
    22:17:58.0126 6572 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:17:58.0127 6572 UmPass - ok
    22:17:58.0247 6572 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    22:17:58.0263 6572 UNS - ok
    22:17:58.0300 6572 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:17:58.0304 6572 upnphost - ok
    22:17:58.0327 6572 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    22:17:58.0328 6572 USBAAPL64 - ok
    22:17:58.0340 6572 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:17:58.0342 6572 usbccgp - ok
    22:17:58.0352 6572 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:17:58.0353 6572 usbcir - ok
    22:17:58.0370 6572 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    22:17:58.0371 6572 usbehci - ok
    22:17:58.0407 6572 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:17:58.0410 6572 usbhub - ok
    22:17:58.0422 6572 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    22:17:58.0423 6572 usbohci - ok
    22:17:58.0446 6572 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    22:17:58.0446 6572 usbprint - ok
    22:17:58.0475 6572 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    22:17:58.0476 6572 usbscan - ok
    22:17:58.0488 6572 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:17:58.0489 6572 USBSTOR - ok
    22:17:58.0503 6572 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    22:17:58.0504 6572 usbuhci - ok
    22:17:58.0519 6572 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    22:17:58.0520 6572 usbvideo - ok
    22:17:58.0549 6572 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:17:58.0551 6572 UxSms - ok
    22:17:58.0560 6572 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:17:58.0561 6572 VaultSvc - ok
    22:18:00.0567 6572 ============================================================
    22:18:00.0567 6572 Scan finished
    22:18:00.0567 6572 ============================================================
    22:18:00.0577 3920 Detected object count: 0
    22:18:00.0577 3920 Actual detected object count: 0
     
  11. dvk01

    ok try this

    Malwarebytes Anti-Rootkit Tool

    1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    [​IMG]

    4. Double-click on the mbar.exe file. You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers, you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    [​IMG]

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning, you will go from step 4 to 6.)

    6. The following image opens, select Next.

    [​IMG]

    7. The following image opens, select Update

    [​IMG]

    8. When the update completes select Next.

    [​IMG]

    9. In the following window ensure "Targets" are ticked. Then select "Scan"

    [​IMG]

    10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

    [​IMG]

    11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
    12. If no threats were found you will see the following image, Select Exit:

    [​IMG]

    13. Verify that your system is now running normally, making sure that the following items are functional:
    • Internet access
    • Windows Update
    • Windows Firewall
    14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

    [​IMG]

    15. The following Window will open, Select "Y" from your Keyboard, tap Enter.

    [​IMG]

    16. The fix will be applied, select any key to Exit.

    [​IMG]

    17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    [​IMG]
     
  12. mom4jdc

    Malwarebytes Anti-Rootkit BETA 1.01.0.1022
    www.malwarebytes.org

    Database version: v2013.03.21.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16521
    Leslie Cliett :: LESLIECLIETT-HP [administrator]

    3/30/2013 8:12:43 AM
    mbar-log-2013-03-30 (08-12-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 32288
    Time elapsed: 12 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wscor (Trojan.Medfos) -> Data: "C:\Windows\System32\rundll32.exe" "C:\Users\NEW\AppData\Roaming\wscor.dll",set_expand -> Delete on reboot.

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\n.) Good: (fastprox.dll) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Hijack.Trojan.Siredef.C) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\n.) Good: (%systemroot%\system32\wbem\fastprox.dll) -> Delete on reboot.

    Folders Detected: 6
    c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\U (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\L (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\L (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe (Trojan.Siredef.C) -> Delete on reboot.

    Files Detected: 2
    c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\@ (Trojan.Siredef.C) -> Delete on reboot.
    c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\@ (Trojan.Siredef.C) -> Delete on reboot.

    (end)
     
  13. mom4jdc

    Malwarebytes Anti-Rootkit BETA 1.01.0.1022
    www.malwarebytes.org

    Database version: v2013.03.30.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16521
    Leslie Cliett :: LESLIECLIETT-HP [administrator]

    3/30/2013 8:49:37 AM
    mbar-log-2013-03-30 (08-49-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 32022
    Time elapsed: 11 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. mom4jdc

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1022

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16521

    Java version: 1.6.0_43

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.400000 GHz
    Memory total: 4083007488, free: 1297088512

    ------------ Kernel report ------------
    03/30/2013 07:58:28
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006f43060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004f0f050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006f43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006de7a70, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006f43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004f0f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a007aaf340, 0xfffffa8006f43060, 0xfffffa8004823670
    Lower DeviceData: 0xfffff8a00f77e340, 0xfffffa8004f0f050, 0xfffffa80048eecc0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1D505CB8

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 940427264

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 940836864 Numsec = 35723264

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128 Numsec = 210992

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "c:\ProgramData\AVG2013\chjw\a2e8cc08e8cbd925.dat" is sparse (flags = 32768)
    Read File: File "c:\ProgramData\AVG2013\chjw\ee2e10db2e109f21.dat" is sparse (flags = 32768)
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\@ --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\@ --> [Trojan.Siredef.C]
    Read File: File "c:\Users\Leslie Cliett\AppData\Local\Avg2013\log\avgual.2013-03-12.log" is compressed (flags = 1)
    Read File: File "c:\Users\NEW\AppData\Local\Avg2013\log\avgual.2013-03-20.log" is compressed (flags = 1)
    Read File: File "c:\Users\Leslie Cliett\AppData\Local\Avg2013\log\avgual.2013-03-12.log" is compressed (flags = 1)
    Read File: File "c:\Users\NEW\AppData\Local\Avg2013\log\avgual.2013-03-20.log" is compressed (flags = 1)
    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wscor --> [Trojan.Medfos]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\U --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\L --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\L --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe --> [Trojan.Siredef.C]
    Infected: c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe --> [Trojan.Siredef.C]
    Infected: HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| --> [Trojan.0Access]
    Infected: HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| --> [Hijack.Trojan.Siredef.C]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1022

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16521

    Java version: 1.6.0_43

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.400000 GHz
    Memory total: 4083007488, free: 2228486144

    Removal queue found; removal started
    Removing c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\@...
    Removing c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\@...
    Removing c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U...
    Removing c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\U...
    Removing c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\L...
    Removing c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe\L...
    Removing c:\$RECYCLE.BIN\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe...
    Removing c:\$RECYCLE.BIN\S-1-5-21-2163887345-1273869074-3315108452-1003\$34abdb91f75e6e4d3541138e74b7a4fe...
    Removal finished
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1022

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16521

    Java version: 1.6.0_43

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.400000 GHz
    Memory total: 4083007488, free: 1739628544

    ------------ Kernel report ------------
    03/30/2013 08:37:17
    ------------ Loaded modules -----------
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    \SystemRoot\system32\DRIVERS\psi_mf.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006f44060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004f56050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.03.30.04
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006f44060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006f44b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006f44060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004f56050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a010339600, 0xfffffa8006f44060, 0xfffffa800a50b790
    Lower DeviceData: 0xfffff8a010dae980, 0xfffffa8004f56050, 0xfffffa800a2af090
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1D505CB8

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 940427264

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 940836864 Numsec = 35723264

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128 Numsec = 210992

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "c:\ProgramData\AVG2013\chjw\a2e8cc08e8cbd925.dat" is sparse (flags = 32768)
    Read File: File "c:\ProgramData\AVG2013\chjw\ee2e10db2e109f21.dat" is sparse (flags = 32768)
    Done!
    Scan finished
    =======================================
     
  15. mom4jdc

    mom4jdc Thread Starter

    Joined:
    Nov 7, 2009
    Messages:
    88
    So far I haven't had any hijacks...but it was very intermittent anyway. Maybe every 6th or 7th search that I made. IE seems to be working as normal. Windows firewall is on and no important updates in Windows update.

    I'll try to do some intensive surfing this evening to see if I can make it redirect.

    Thank you again for all of your help!
     

Short URL to this thread: https://techguy.org/1094479
