
"Windows could not automatically detect this network's proxy settings."

Discussion in 'Networking' started by dcarson108, Jan 5, 2013.

Thread Status:
Not open for further replies.
  1. dcarson108

    dcarson108 Thread Starter

    Joined: Jan 5, 2013. Messages: 39.

    I'm using my old laptop now. On my regular laptop, my internet icon has the yellow triangle and when I troubleshoot it, the message says "Windows could not automatically detect this network's proxy settings".

    Any idea what the problem is? I googled it and none of the solutions seem to help. I think my computer is infected with malware right now. It is heating up quickly and I'm seeing ads in text in websites that don't do that (cbc, reddit, wikipedia). I had this issue a couple of months ago but Spybot seemed to fix the issue.

    Recently I noticed my computer was heating faster (and hotter) than usual so I ran a search again and it said no threats were found. Not too long after, I started noticing the ads again so I know there is a problem. I have run the search twice since then and still nothing. I was advised to use CCleaner, Malwarebytes, and Super Anti-Spyware. It removed one other threat but the problem was still there. I then started using ComboFix, but I did not like the look of it so I stopped that scan. It seemed a little sketchy.


    As of this morning, I'm having the internet problem. My old laptop (the one I'm on now) and my girlfriend's laptop work fine. I connected it with the Ethernet cord and that didn't change anything.

    I have Windows 7. It's on a 2010 Samsung (I'm not very tech savvy so I'm not sure about all the other details). I primarily used Firefox, but I just switched to Google Chrome this week (well after the problems began).


    Anyone have some solutions? Should I post this in the virus section? Thanks a lot to anyone that can help.
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined: Mar 21, 2006. Messages: 11,383. First Name: Kevin.

    Use your spare computer to d/l the following and save to a USB, transfer and run on the sick one. Transfer logs and post in next reply....

    Download Farbar Service Scanner and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Also this one....

    Download and save DDS to your USB stick, transfer to Desktop of sick PC from either of the following links:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://compendiate.net/sUBs/dds/dds.scr

    Note: You must use Internet Explorer to download dds.scr, other browsers will open the file in the browser and not save it. Or if you must use Firefox, or Chrome, then right click the link and select "save link as" and save the file to your USB stick.

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop"

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.

    Transfer logs and post in next reply...

    Kevin
     
  3. dcarson108

    dcarson108 Thread Starter

    Thanks for the response.

    The internet is working on my computer now, but I'm pretty sure the virus is still around. So I'm assuming I just skip the transfer with the USB and move right to the next few steps? I unfortunately don't have time tonight, but I will post all that tomorrow. Again, thanks for the response. I appreciate any help I can get.
     
  4. kevinf80

    kevinf80 Malware Specialist

    If the internet is now OK just run and post logs from DDS...(y)
     
  5. dcarson108

    dcarson108 Thread Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.17153
    Run by Dannnn at 21:18:03 on 2013-01-07
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4029.1737 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\runservice.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\ProgramData\OptimizerPro1\OptimizerPro1.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\hkcmd.exe
    C:\Windows\system32\igfxtray.exe
    C:\Windows\system32\igfxpers.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
    uSearch Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
    uDefault_Page_URL = hxxp://samsung.msn.com
    mStart Page = hxxp://websearch.mocaflix.com/
    uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
    uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: SaveAs Class: {1696D05C-C6CC-B007-08CD-818A6174ED1E} - C:\ProgramData\SaveAs\509f2a99e4a83.ocx
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: SaveAs Class: {C3F654DF-AAC2-1193-6F47-C58D29820BCD} - C:\ProgramData\SaveAs\509f29e091586.ocx
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    TB: SMART Sync: {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
    mRun: [SMART Board Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"
    mRun: [SMART Ink] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe"
    mRun: [Response Desktop Menu] "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"
    mRun: [SMARTClassroomCoordinator.exe] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    TCP: NameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9} : DHCPNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9}\354555D275962756C6563737 : DHCPNameServer = 138.73.2.253 192.197.143.16 198.164.30.2
    TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9}\56C6563647279636 : DHCPNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{E917552B-B4F9-4B6D-BB82-EACBCDAF3A0F} : DHCPNameServer = 204.81.0.10 204.81.0.99
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    AppInit_DLLs= c:\progra~2\mocaflix\sprote~1.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    x64-BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B36405247-abbe-46bd-a5b2-eb7869a196fc%7D&mid=2a6c3a23be1c47d0aa7cd16d123da097-e7015f33aa7d2cccaf2bfc9911bbcc2ab3c5b0c5&ds=AVG&v=13.2.0.5&lang=en&pr=fr&d=2012-09-27%2009%3A18%3A53&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - ExtSQL: 2012-11-17 16:59; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
    FF - ExtSQL: 2012-11-17 16:59; {EE223D7A-F30F-11DD-8F0A-D2AD55D89593}; C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
    FF - ExtSQL: 2012-11-26 23:16; [email protected]; C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - c27331fe-7fb3-405b-ac64-b063e19ea68e
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
    .
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyTQ4yX7V&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 3e06039800000000000018f46a3f6714
    FF - user.js: extensions.incredibar_i.instlDay - 15655
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:27:45
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6OyTQ4yX7V
    FF - user.js: extensions.incredibar_i.upn2n - 92262431172737351
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10658
    FF - user.js: extensions.incredibar_i.ppd -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 30568]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-8-28 13824]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2012-4-17 2560]
    R2 Response Hardware;Response Hardware;C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-3-2 19312]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-16 1153368]
    R2 SMARTHelperService;SMART Helper Service;C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2012-3-21 580976]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-8-28 111616]
    R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2012-3-21 13168]
    R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2012-3-21 16368]
    R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2012-3-21 24944]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-8 401696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-15 61288]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2012-4-15 166704]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-04 20:24:02 -------- d-----w- C:\ComboFix
    2013-01-04 15:04:09 -------- d-----w- C:\Users\Dannnn\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-04 03:32:26 -------- d-----w- C:\Users\Dannnn\AppData\Roaming\Malwarebytes
    2013-01-04 03:31:38 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-04 03:31:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-04 03:31:26 -------- d-----w- C:\Users\Dannnn\AppData\Local\Programs
    2012-12-22 09:25:03 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-22 09:25:03 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-22 09:25:02 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-22 09:25:02 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-12 10:37:17 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-12 10:37:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 10:37:11 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-12 10:37:00 860672 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2012-12-12 10:37:00 696400 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    2012-12-12 10:37:00 672832 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    .
    ==================== Find3M ====================
    .
    2013-01-06 12:51:53 857 --sha-w- C:\Windows\SysWow64\mmf.sys
    2012-12-12 21:22:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 21:22:18 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-12 12:18:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-12 11:51:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 02:22:31 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-27 05:36:37 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-27 05:36:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2012-10-27 05:00:40 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-27 04:59:41 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-10-27 04:23:06 482816 ----a-w- C:\Windows\System32\html.iec
    2012-10-27 03:52:14 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2012-10-22 17:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 07:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    .
    ============= FINISH: 21:18:59.09 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15/04/2012 9:03:26 PM
    System Uptime: 07/01/2013 9:13:12 AM (12 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV410/RV510/S3510/E3510
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 181 GiB total, 125.263 GiB free.
    D: is FIXED (NTFS) - 269 GiB total, 250.664 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP73: 29/12/2012 10:34:01 AM - Scheduled Checkpoint
    RP74: 04/01/2013 4:24:31 PM - ComboFix created restore point
    RP75: 05/01/2013 12:46:07 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Agatha Christie - Death on the Nile
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Client Installation Program
    Audacity 2.0.2
    AVG 2013
    AVG Security Toolbar
    BatteryLifeExtender
    Bejeweled 2 Deluxe
    Bing Rewards Client Installer
    Bonjour
    Broadcom 802.11 Network Adapter
    Build-a-lot
    Chuzzle Deluxe
    CyberLink YouCam
    Diner Dash 2 Restaurant Rescue
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    ETDWare PS/2-X64 8.0.7.0_WHQL
    Farm Frenzy
    Google Drive
    Google Update Helper
    Insaniquarium Deluxe
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    John Deere Drive Green
    Junk Mail filter update
    Marvell Miniport Driver
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Optimizer Pro v3.0
    OptimizerPro1 Updater
    Peggle
    Penguins!
    Plants vs. Zombies
    Polar Golfer
    Realtek High Definition Audio Driver
    Samsung AnyWeb Print
    Samsung Recovery Solution 5
    Samsung Support Center
    Samsung Universal Print Driver
    Samsung Update Plus
    SaveAs
    Search Assistant MocaFlix 1.66
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype™ 5.10
    SMART Common Files
    SMART English (United Kingdom) Language Pack
    SMART Ink
    SMART Notebook
    SMART Product Drivers
    SMART Response Software
    SMART Sync Teacher
    sprotector 1.62
    Spybot - Search & Destroy
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User Guide
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Vuze
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yontoo 1.10.03
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07/01/2013 8:29:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DANNN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{414029DD-4B3C-4920-83E1-004C64775EB9}. The master browser is stopping or an election is being forced.
    06/01/2013 8:51:55 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    06/01/2013 8:45:07 AM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
    06/01/2013 8:44:10 AM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
    06/01/2013 8:43:40 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
    06/01/2013 8:40:36 AM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Afd. This service might not be installed.
    06/01/2013 8:40:36 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    06/01/2013 8:40:23 AM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    06/01/2013 8:40:23 AM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
    06/01/2013 8:38:23 AM, Error: Service Control Manager [7034] - The Response Hardware service terminated unexpectedly. It has done this 1 time(s).
    06/01/2013 8:38:00 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    06/01/2013 8:37:54 AM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    06/01/2013 8:37:53 AM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: Afd. This service might not be installed.
    06/01/2013 8:26:16 AM, Error: Service Control Manager [7001] - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
    04/01/2013 4:32:39 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    04/01/2013 4:27:13 PM, Error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
    04/01/2013 11:33:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    01/01/2013 1:19:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    01/01/2013 1:18:04 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    01/01/2013 1:17:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================


    And in case you want it, here's the gmer log:

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-07 21:35:06
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
    Running: b0v48qmf.exe; Driver: C:\Users\Dannnn\AppData\Local\Temp\axdirpog.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!Rectangle 0000000076afb7c5 5 bytes JMP 00000001000b09b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!LineTo 0000000076afbba5 5 bytes JMP 00000001000b0430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetICMMode 0000000076afbf60 5 bytes JMP 00000001000b0db0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CreateICW 0000000076afc208 5 bytes JMP 00000001000b0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 0000000076afc4db 5 bytes JMP 00000001000b0670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 0000000076afc6f6 5 bytes JMP 00000001000b06f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 0000000076afcfb9 5 bytes JMP 00000001000b0df0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 0000000076afd0d5 5 bytes JMP 00000001000b0630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 0000000076afd8bf 5 bytes JMP 00000001000b0930
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076afe45d 5 bytes JMP 00000001000b00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000076affd24 5 bytes JMP 00000001000b02b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!Escape 0000000076b013bd 5 bytes JMP 00000001000b0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000076b018d0 5 bytes JMP 00000001000b0cf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076b04bd0 5 bytes JMP 00000001000b0b30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000076b04d07 5 bytes JMP 00000001000b0b70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076b06665 5 bytes JMP 00000001000b0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!ResetDCW 0000000076b0e135 5 bytes JMP 00000001000b0ab0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000076b193cd 5 bytes JMP 00000001000b0cb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 0000000076b1c5d9 5 bytes JMP 00000001000b0bb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000076b1d26a 5 bytes JMP 00000001000b0bf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 0000000076b1d8d1 5 bytes JMP 00000001000b0c30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076b23acc 5 bytes JMP 00000001000b0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000076b23f19 5 bytes JMP 00000001000b01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!StartPage 0000000076b2400a 5 bytes JMP 00000001000b0730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076b24c41 5 bytes JMP 00000001000b07f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000076b253ed 5 bytes JMP 00000001000b0830
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076b25444 5 bytes JMP 00000001000b0af0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000076b2549f 5 bytes JMP 00000001000b0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076b254f6 5 bytes JMP 00000001000b0a70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!StrokePath 0000000076b2572f 5 bytes JMP 00000001000b07b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!FillPath 0000000076b257c2 5 bytes JMP 00000001000b0870
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000076b25c34 5 bytes JMP 00000001000b04f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000076b25cc5 5 bytes JMP 00000001000b04b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000076b25d77 5 bytes JMP 00000001000b08b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!MapWindowPoints 00000000758f819d 5 bytes JMP 00000001000c0570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000758fc55d 5 bytes JMP 00000001000c02b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000759005ff 5 bytes JMP 00000001000c02f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000759008e5 7 bytes JMP 00000001000c05b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetParent 0000000075900b0e 7 bytes JMP 00000001000c06f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000075900cd5 7 bytes JMP 00000001000c06b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075900f14 5 bytes JMP 00000001000c05f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000759027db 7 bytes JMP 00000001000c0630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007590361b 7 bytes JMP 00000001000c0670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075904076 5 bytes JMP 00000001000c0530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000075907a54 7 bytes JMP 00000001000c0730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000759087c9 5 bytes JMP 00000001000c00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000759087e9 5 bytes JMP 00000001000c0330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000759091f4 5 bytes JMP 00000001000c00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000075909232 5 bytes JMP 00000001000c0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000075909485 5 bytes JMP 00000001000c04f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007590b779 5 bytes JMP 00000001000c01b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007590b798 5 bytes JMP 00000001000c03f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007590b7b6 5 bytes JMP 00000001000c01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007590b7e6 5 bytes JMP 00000001000c04b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007590cee9 5 bytes JMP 00000001000c0370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000075910880 5 bytes JMP 00000001000c0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007591ec67 5 bytes JMP 00000001000c0430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 000000007591f66f 5 bytes JMP 00000001000c0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075938de7 5 bytes JMP 00000001000c0170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075939c8d 5 bytes JMP 00000001000c0770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075939f3b 5 bytes JMP 00000001000c0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075957e49 5 bytes JMP 00000001000c0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000759582a1 5 bytes JMP 00000001000c0470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000759584bf 5 bytes JMP 00000001000c03b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074ee9556 5 bytes JMP 00000001000d00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074ef04d3 5 bytes JMP 00000001000d0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074ef0b0b 5 bytes JMP 00000001000d0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074ef0b80 5 bytes JMP 00000001000d01b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074ef0e80 5 bytes JMP 00000001000d0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074ef0fe8 5 bytes JMP 00000001000d00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074ef11a0 5 bytes JMP 00000001000d01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074ef11ef 5 bytes JMP 00000001000d0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074ef1479 5 bytes JMP 00000001000d0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074ef14e2 5 bytes JMP 00000001000d0170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\ole32.dll!OleSetClipboard 00000000756af2fe 5 bytes JMP 00000001000e0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000756b2489 5 bytes JMP 00000001000e0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\ole32.dll!OleGetClipboard 00000000756df825 5 bytes JMP 00000001000e00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 000000007738f9a0 5 bytes JMP 000000016cc09c40
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007738fa38 5 bytes JMP 000000016cc02730
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007738fbc8 5 bytes JMP 000000016cc09ba0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007738fdec 5 bytes JMP 000000016cc09cd0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077390154 5 bytes JMP 000000016cc027c0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000773912cc 5 bytes JMP 000000016cc09e10
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\kernel32.dll!InterlockedIncrement + 11 00000000757d13cb 7 bytes JMP 000000016cc09ad0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 372 00000000757d22f6 7 bytes JMP 000000016cc099b0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW + 8 00000000757dca69 7 bytes JMP 000000016cc09890
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758f8b9a 5 bytes JMP 00000001657f8177
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075912a3e 5 bytes JMP 00000001659220e0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075912a62 5 bytes JMP 0000000165714b97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007593cc1a 5 bytes JMP 000000016592207d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007593cf72 5 bytes JMP 0000000165922143
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007594fd61 5 bytes JMP 0000000165922012
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007594fe2d 5 bytes JMP 0000000165921fa7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007594fe66 5 bytes JMP 0000000165921f45
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007594fe8a 5 bytes JMP 0000000165921ee3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000754d9404 5 bytes JMP 0000000165922c49
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 000000006f737c30 5 bytes JMP 0000000165923606
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 000000006f7d7bb2 5 bytes JMP 00000001659236a7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074f49a4c 5 bytes JMP 0000000165922d7b
    ? C:\Windows\system32\mssprxy.dll [728] entry point in ".rdata" section 0000000063e071e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758f8b9a 5 bytes JMP 00000001657f8177
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075902902 5 bytes JMP 000000016574d79a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075903f54 5 bytes JMP 000000016574c523
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075904858 5 bytes JMP 000000016570d6d9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000759095fa 5 bytes JMP 0000000165922d44
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007590b1dd 5 bytes JMP 0000000165922d0d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!EndDialog 000000007590c184 5 bytes JMP 0000000165715ad9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759106b3 5 bytes JMP 00000001657a464b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000075910a8f 5 bytes JMP 000000016574c5a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000075912174 5 bytes JMP 0000000165714274
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075912a3e 5 bytes JMP 00000001659220e0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075912a62 5 bytes JMP 0000000165714b97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000075917051 5 bytes JMP 0000000165922577
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 000000007591711b 5 bytes JMP 0000000165922cd6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CallNextHookEx 000000007591f006 5 bytes JMP 00000001657e9d5c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075920efc 5 bytes JMP 00000001658083a2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SendInput 000000007592195e 3 bytes JMP 00000001659234a0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000075921962 1 byte [F0]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000759224db 3 bytes JMP 00000001659228dc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SetKeyboardState + 4 00000000759224df 1 byte [F0]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075939c8d 5 bytes JMP 00000001659234f8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007593cc1a 5 bytes JMP 000000016592207d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007593cf72 5 bytes JMP 0000000165922143
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007594fd61 5 bytes JMP 0000000165922012
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007594fe2d 5 bytes JMP 0000000165921fa7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007594fe66 5 bytes JMP 0000000165921f45
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007594fe8a 5 bytes JMP 0000000165921ee3

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\system32\csrss.exe [676] 000007fefc3e0000
    Library ? (*** suspicious ***) @ C:\Windows\SYSTEM32\WISPTIS.EXE [1276] 000007fefbd70000
    Library ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1556] 000007fefa180000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1668] 00000000751f0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1728] 00000000768c0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [1804] 0000000072d10000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [1916] 0000000072360000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2040] 000000006fe30000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe [2196] 000007fefbb90000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgemca.exe [2208] 000007fefdc70000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2240] 000000006f380000
    Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [888] 000007fefc480000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [1328] 000007fef4430000
    Library ? (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [3696] 000007fefc810000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [3784] 0000000076dd0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe [3916] 000000006e290000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgui.exe [684] 000000006a7e0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [3232] 0000000073350000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [3216] 0000000070930000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [3384] 0000000073980000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe [3356] 000000006b7f0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [3592] 000000006aa60000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [3332] 00000000733e0000
    Library ? (*** suspicious ***) @ C:\Program Files\iPod\bin\iPodService.exe [4252] 000007fefa6e0000
    Library ? (*** suspicious ***) @ C:\Windows\system32\taskeng.exe [4868] 000007fefc3d0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe [2868] 0000000066730000
    Library ? (*** suspicious ***) @ C:\Windows\system32\wuauclt.exe [5536] 000007fefb120000
    Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [6000] 000007fefddb0000
    Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4804] 000007fefdff0000
    Library ? (*** suspicious ***) @ C:\Windows\system32\DllHost.exe [3380] 000007fefc3d0000

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.0 ----
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run the following and post both logs:

    Step 1

    Please download the latest version of TDSSKiller from Here and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Put a checkmark beside loaded modules.
    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.
    • Click the Start Scan button.
    • The scan will be quick.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Step 2

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post logs in next reply..

    Kevin
     
  7. dcarson108

    dcarson108 Thread Starter

    Joined:
    Jan 5, 2013
    Messages:
    39
    06:46:17.0435 6856 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    06:46:17.0947 6856 ============================================================
    06:46:17.0947 6856 Current date / time: 2013/01/08 06:46:17.0947
    06:46:17.0947 6856 SystemInfo:
    06:46:17.0947 6856
    06:46:17.0947 6856 OS Version: 6.1.7600 ServicePack: 0.0
    06:46:17.0947 6856 Product type: Workstation
    06:46:17.0947 6856 ComputerName: DANNNN-PC
    06:46:17.0948 6856 UserName: Dannnn
    06:46:17.0948 6856 Windows directory: C:\Windows
    06:46:17.0948 6856 System windows directory: C:\Windows
    06:46:17.0948 6856 Running under WOW64
    06:46:17.0948 6856 Processor architecture: Intel x64
    06:46:17.0948 6856 Number of processors: 2
    06:46:17.0949 6856 Page size: 0x1000
    06:46:17.0949 6856 Boot type: Normal boot
    06:46:17.0949 6856 ============================================================
    06:46:18.0407 6856 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    06:46:18.0412 6856 ============================================================
    06:46:18.0412 6856 \Device\Harddisk0\DR0:
    06:46:18.0415 6856 MBR partitions:
    06:46:18.0415 6856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    06:46:18.0415 6856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16A00000
    06:46:18.0439 6856 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16A33000, BlocksNum 0x21A52000
    06:46:18.0439 6856 ============================================================
    06:46:18.0467 6856 C: <-> \Device\Harddisk0\DR0\Partition2
    06:46:18.0502 6856 D: <-> \Device\Harddisk0\DR0\Partition3
    06:46:18.0502 6856 ============================================================
    06:46:18.0502 6856 Initialize success
    06:46:18.0502 6856 ============================================================
    06:46:19.0353 7240 ============================================================
    06:46:19.0354 7240 Scan started
    06:46:19.0354 7240 Mode: Manual;
    06:46:19.0354 7240 ============================================================
    06:46:21.0082 7240 ================ Scan system memory ========================
    06:46:21.0082 7240 System memory - ok
    06:46:21.0084 7240 ================ Scan services =============================
    06:46:23.0856 7240 Avgtdia - ok
    06:46:23.0909 7240 [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
    06:46:23.0911 7240 avgtp - ok
    06:46:23.0959 7240 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    06:46:23.0962 7240 avgwd - ok
    06:46:24.0014 7240 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    06:46:24.0024 7240 AxInstSV - ok
    06:46:24.0074 7240 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    06:46:24.0082 7240 b06bdrv - ok
    06:46:24.0117 7240 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    06:46:24.0122 7240 b57nd60a - ok
    06:46:24.0169 7240 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    06:46:24.0172 7240 BDESVC - ok
    06:46:24.0202 7240 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    06:46:24.0206 7240 Beep - ok
    06:46:24.0268 7240 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    06:46:24.0277 7240 BFE - ok
    06:46:24.0365 7240 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
    06:46:24.0380 7240 BITS - ok
    06:46:24.0424 7240 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    06:46:24.0426 7240 blbdrive - ok
    06:46:24.0521 7240 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    06:46:24.0528 7240 Bonjour Service - ok
    06:46:24.0573 7240 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    06:46:24.0575 7240 bowser - ok
    06:46:24.0592 7240 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    06:46:24.0594 7240 BrFiltLo - ok
    06:46:24.0608 7240 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    06:46:24.0620 7240 BrFiltUp - ok
    06:46:24.0664 7240 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
    06:46:24.0667 7240 Browser - ok
    06:46:24.0703 7240 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    06:46:24.0709 7240 Brserid - ok
    06:46:24.0719 7240 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    06:46:24.0723 7240 BrSerWdm - ok
    06:46:24.0733 7240 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    06:46:24.0738 7240 BrUsbMdm - ok
    06:46:24.0749 7240 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    06:46:24.0765 7240 BrUsbSer - ok
    06:46:24.0781 7240 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    06:46:24.0783 7240 BTHMODEM - ok
    06:46:24.0835 7240 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    06:46:24.0838 7240 bthserv - ok
    06:46:24.0861 7240 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    06:46:24.0867 7240 cdfs - ok
    06:46:24.0903 7240 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    06:46:24.0906 7240 cdrom - ok
    06:46:24.0957 7240 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    06:46:24.0961 7240 CertPropSvc - ok
    06:46:25.0000 7240 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    06:46:25.0004 7240 circlass - ok
    06:46:25.0056 7240 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    06:46:25.0062 7240 CLFS - ok
    06:46:25.0150 7240 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    06:46:25.0153 7240 clr_optimization_v2.0.50727_32 - ok
    06:46:25.0218 7240 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    06:46:25.0220 7240 clr_optimization_v2.0.50727_64 - ok
    06:46:25.0308 7240 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    06:46:25.0311 7240 clr_optimization_v4.0.30319_32 - ok
    06:46:25.0402 7240 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    06:46:25.0405 7240 clr_optimization_v4.0.30319_64 - ok
    06:46:25.0439 7240 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    06:46:25.0441 7240 CmBatt - ok
    06:46:25.0464 7240 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    06:46:25.0485 7240 cmdide - ok
    06:46:25.0539 7240 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
    06:46:25.0545 7240 CNG - ok
    06:46:25.0611 7240 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    06:46:25.0613 7240 Compbatt - ok
    06:46:25.0640 7240 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    06:46:25.0642 7240 CompositeBus - ok
    06:46:25.0661 7240 COMSysApp - ok
    06:46:25.0695 7240 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    06:46:25.0700 7240 crcdisk - ok
    06:46:25.0742 7240 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
    06:46:25.0745 7240 CryptSvc - ok
    06:46:25.0799 7240 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    06:46:25.0808 7240 DcomLaunch - ok
    06:46:25.0861 7240 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    06:46:25.0866 7240 defragsvc - ok
    06:46:25.0914 7240 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    06:46:25.0916 7240 DfsC - ok
    06:46:25.0941 7240 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    06:46:25.0946 7240 Dhcp - ok
    06:46:25.0998 7240 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    06:46:25.0999 7240 discache - ok
    06:46:26.0029 7240 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    06:46:26.0031 7240 Disk - ok
    06:46:26.0087 7240 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    06:46:26.0091 7240 Dnscache - ok
    06:46:26.0143 7240 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    06:46:26.0148 7240 dot3svc - ok
    06:46:26.0166 7240 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    06:46:26.0169 7240 DPS - ok
    06:46:26.0205 7240 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    06:46:26.0209 7240 drmkaud - ok
    06:46:26.0252 7240 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    06:46:26.0269 7240 DXGKrnl - ok
    06:46:26.0309 7240 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    06:46:26.0312 7240 EapHost - ok
    06:46:26.0411 7240 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    06:46:26.0510 7240 ebdrv - ok
    06:46:26.0651 7240 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
    06:46:26.0656 7240 EFS - ok
    06:46:26.0763 7240 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    06:46:26.0773 7240 ehRecvr - ok
    06:46:26.0813 7240 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    06:46:26.0816 7240 ehSched - ok
    06:46:26.0913 7240 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    06:46:26.0936 7240 elxstor - ok
    06:46:26.0992 7240 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    06:46:26.0995 7240 ErrDev - ok
    06:46:27.0088 7240 [ B73181411523D264AD7BEC35B84716AB ] ETD C:\Windows\system32\DRIVERS\ETD.sys
    06:46:27.0094 7240 ETD - ok
    06:46:27.0151 7240 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    06:46:27.0158 7240 EventSystem - ok
    06:46:27.0206 7240 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    06:46:27.0211 7240 exfat - ok
    06:46:27.0250 7240 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    06:46:27.0256 7240 fastfat - ok
    06:46:27.0298 7240 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    06:46:27.0308 7240 Fax - ok
    06:46:27.0321 7240 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    06:46:27.0327 7240 fdc - ok
    06:46:27.0373 7240 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    06:46:27.0375 7240 fdPHost - ok
    06:46:27.0393 7240 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    06:46:27.0395 7240 FDResPub - ok
    06:46:27.0423 7240 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    06:46:27.0426 7240 FileInfo - ok
    06:46:27.0445 7240 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    06:46:27.0446 7240 Filetrace - ok
    06:46:27.0530 7240 [ ACEFEEA621DCA62EFB7A7EEA59F5E91B ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    06:46:27.0560 7240 FLEXnet Licensing Service - ok
    06:46:27.0573 7240 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    06:46:27.0575 7240 flpydisk - ok
    06:46:27.0620 7240 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    06:46:27.0625 7240 FltMgr - ok
    06:46:27.0693 7240 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
    06:46:27.0728 7240 FontCache - ok
    06:46:27.0789 7240 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    06:46:27.0790 7240 FontCache3.0.0.0 - ok
    06:46:27.0813 7240 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    06:46:27.0815 7240 FsDepends - ok
    06:46:27.0874 7240 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    06:46:27.0895 7240 fssfltr - ok
    06:46:27.0983 7240 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    06:46:27.0994 7240 fsssvc - ok
    06:46:28.0029 7240 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    06:46:28.0032 7240 Fs_Rec - ok
    06:46:28.0092 7240 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    06:46:28.0096 7240 fvevol - ok
    06:46:28.0131 7240 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    06:46:28.0133 7240 gagp30kx - ok
    06:46:28.0189 7240 [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
    06:46:28.0193 7240 GameConsoleService - ok
    06:46:28.0229 7240 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    06:46:28.0231 7240 GEARAspiWDM - ok
    06:46:28.0277 7240 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    06:46:28.0305 7240 gpsvc - ok
    06:46:28.0404 7240 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    06:46:28.0410 7240 gupdate - ok
    06:46:28.0443 7240 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    06:46:28.0445 7240 gupdatem - ok
    06:46:28.0505 7240 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    06:46:28.0511 7240 hcw85cir - ok
    06:46:28.0548 7240 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    06:46:28.0558 7240 HdAudAddService - ok
    06:46:28.0594 7240 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    06:46:28.0597 7240 HDAudBus - ok
    06:46:28.0615 7240 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    06:46:28.0623 7240 HidBatt - ok
    06:46:28.0667 7240 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    06:46:28.0671 7240 HidBth - ok
    06:46:28.0685 7240 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    06:46:28.0688 7240 HidIr - ok
    06:46:28.0736 7240 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    06:46:28.0741 7240 hidserv - ok
    06:46:28.0798 7240 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    06:46:28.0801 7240 HidUsb - ok
    06:46:28.0855 7240 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    06:46:28.0860 7240 hkmsvc - ok
    06:46:28.0904 7240 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    06:46:28.0911 7240 HomeGroupListener - ok
    06:46:28.0962 7240 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    06:46:28.0967 7240 HomeGroupProvider - ok
    06:46:28.0991 7240 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    06:46:28.0996 7240 HpSAMD - ok
    06:46:29.0044 7240 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    06:46:29.0063 7240 HTTP - ok
    06:46:29.0107 7240 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    06:46:29.0108 7240 hwpolicy - ok
    06:46:29.0138 7240 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    06:46:29.0141 7240 i8042prt - ok
    06:46:29.0217 7240 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    06:46:29.0221 7240 iaStor - ok
    06:46:29.0267 7240 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    06:46:29.0279 7240 iaStorV - ok
    06:46:29.0341 7240 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    06:46:29.0355 7240 idsvc - ok
    06:46:29.0567 7240 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    06:46:29.0726 7240 igfx - ok
    06:46:29.0760 7240 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    06:46:29.0763 7240 iirsp - ok
    06:46:29.0803 7240 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    06:46:29.0818 7240 IKEEXT - ok
    06:46:29.0927 7240 [ BBDA43F02A2C642A2DF191FA8C0B0052 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    06:46:29.0998 7240 IntcAzAudAddService - ok
    06:46:30.0026 7240 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    06:46:30.0029 7240 intelide - ok
    06:46:30.0066 7240 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    06:46:30.0068 7240 intelppm - ok
    06:46:30.0135 7240 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    06:46:30.0145 7240 IPBusEnum - ok
    06:46:30.0180 7240 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    06:46:30.0182 7240 IpFilterDriver - ok
    06:46:30.0216 7240 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    06:46:30.0224 7240 iphlpsvc - ok
    06:46:30.0290 7240 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    06:46:30.0294 7240 IPMIDRV - ok
    06:46:30.0320 7240 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    06:46:30.0328 7240 IPNAT - ok
    06:46:30.0466 7240 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    06:46:30.0496 7240 iPod Service - ok
    06:46:30.0539 7240 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    06:46:30.0540 7240 IRENUM - ok
    06:46:30.0561 7240 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    06:46:30.0567 7240 isapnp - ok
    06:46:30.0596 7240 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    06:46:30.0608 7240 iScsiPrt - ok
    06:46:30.0646 7240 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    06:46:30.0648 7240 kbdclass - ok
    06:46:30.0673 7240 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    06:46:30.0675 7240 kbdhid - ok
    06:46:30.0701 7240 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    06:46:30.0703 7240 KeyIso - ok
    06:46:30.0737 7240 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    06:46:30.0739 7240 KSecDD - ok
    06:46:30.0755 7240 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    06:46:30.0759 7240 KSecPkg - ok
    06:46:30.0795 7240 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    06:46:30.0796 7240 ksthunk - ok
    06:46:30.0835 7240 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    06:46:30.0845 7240 KtmRm - ok
    06:46:30.0921 7240 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
    06:46:30.0927 7240 LanmanServer - ok
    06:46:30.0973 7240 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    06:46:30.0978 7240 LanmanWorkstation - ok
    06:46:31.0069 7240 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\Windows\runservice.exe
    06:46:31.0070 7240 LicCtrlService - ok
    06:46:31.0122 7240 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    06:46:31.0124 7240 lltdio - ok
    06:46:31.0166 7240 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    06:46:31.0172 7240 lltdsvc - ok
    06:46:31.0197 7240 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    06:46:31.0199 7240 lmhosts - ok
    06:46:31.0251 7240 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    06:46:31.0254 7240 LSI_FC - ok
    06:46:31.0271 7240 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    06:46:31.0277 7240 LSI_SAS - ok
    06:46:31.0302 7240 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    06:46:31.0305 7240 LSI_SAS2 - ok
    06:46:31.0323 7240 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    06:46:31.0327 7240 LSI_SCSI - ok
    06:46:31.0348 7240 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    06:46:31.0351 7240 luafv - ok
    06:46:31.0382 7240 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    06:46:31.0389 7240 Mcx2Svc - ok
    06:46:31.0413 7240 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    06:46:31.0416 7240 megasas - ok
    06:46:31.0448 7240 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    06:46:31.0454 7240 MegaSR - ok
    06:46:31.0558 7240 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    06:46:31.0561 7240 Microsoft Office Groove Audit Service - ok
    06:46:31.0622 7240 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    06:46:31.0629 7240 MMCSS - ok
    06:46:31.0659 7240 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    06:46:31.0666 7240 Modem - ok
    06:46:31.0718 7240 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    06:46:31.0720 7240 monitor - ok
    06:46:31.0760 7240 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    06:46:31.0762 7240 mouclass - ok
    06:46:31.0786 7240 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    06:46:31.0788 7240 mouhid - ok
    06:46:31.0813 7240 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    06:46:31.0815 7240 mountmgr - ok
    06:46:31.0926 7240 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    06:46:31.0931 7240 MozillaMaintenance - ok
    06:46:31.0984 7240 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    06:46:31.0993 7240 mpio - ok
    06:46:32.0028 7240 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    06:46:32.0031 7240 mpsdrv - ok
    06:46:32.0075 7240 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    06:46:32.0089 7240 MpsSvc - ok
    06:46:32.0120 7240 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    06:46:32.0123 7240 MRxDAV - ok
    06:46:32.0168 7240 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    06:46:32.0171 7240 mrxsmb - ok
    06:46:32.0193 7240 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    06:46:32.0198 7240 mrxsmb10 - ok
    06:46:32.0219 7240 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    06:46:32.0222 7240 mrxsmb20 - ok
    06:46:32.0250 7240 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    06:46:32.0252 7240 msahci - ok
    06:46:32.0273 7240 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    06:46:32.0278 7240 msdsm - ok
    06:46:32.0319 7240 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    06:46:32.0323 7240 MSDTC - ok
    06:46:32.0357 7240 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    06:46:32.0359 7240 Msfs - ok
    06:46:32.0411 7240 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    06:46:32.0419 7240 mshidkmdf - ok
    06:46:32.0460 7240 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    06:46:32.0462 7240 msisadrv - ok
    06:46:32.0527 7240 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    06:46:32.0532 7240 MSiSCSI - ok
    06:46:32.0552 7240 msiserver - ok
    06:46:32.0619 7240 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    06:46:32.0628 7240 MSKSSRV - ok
    06:46:32.0687 7240 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    06:46:32.0689 7240 MSPCLOCK - ok
    06:46:32.0706 7240 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    06:46:32.0708 7240 MSPQM - ok
    06:46:32.0741 7240 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    06:46:32.0747 7240 MsRPC - ok
    06:46:32.0782 7240 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    06:46:32.0784 7240 mssmbios - ok
    06:46:32.0821 7240 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    06:46:32.0846 7240 MSTEE - ok
    06:46:32.0870 7240 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    06:46:32.0872 7240 MTConfig - ok
    06:46:32.0903 7240 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    06:46:32.0905 7240 Mup - ok
    06:46:32.0959 7240 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    06:46:32.0968 7240 napagent - ok
    06:46:33.0020 7240 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    06:46:33.0025 7240 NativeWifiP - ok
    06:46:33.0075 7240 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    06:46:33.0089 7240 NDIS - ok
    06:46:33.0118 7240 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    06:46:33.0120 7240 NdisCap - ok
    06:46:33.0156 7240 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    06:46:33.0158 7240 NdisTapi - ok
    06:46:33.0193 7240 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    06:46:33.0195 7240 Ndisuio - ok
    06:46:33.0218 7240 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    06:46:33.0221 7240 NdisWan - ok
    06:46:33.0241 7240 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    06:46:33.0242 7240 NDProxy - ok
    06:46:33.0283 7240 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    06:46:33.0285 7240 NetBIOS - ok
    06:46:33.0348 7240 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    06:46:33.0352 7240 NetBT - ok
    06:46:33.0379 7240 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
    06:46:33.0380 7240 Netlogon - ok
    06:46:33.0446 7240 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    06:46:33.0454 7240 Netman - ok
    06:46:33.0496 7240 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    06:46:33.0504 7240 netprofm - ok
    06:46:33.0555 7240 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    06:46:33.0560 7240 NetTcpPortSharing - ok
    06:46:33.0606 7240 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    06:46:33.0611 7240 nfrd960 - ok
    06:46:33.0676 7240 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    06:46:33.0689 7240 NlaSvc - ok
    06:46:33.0733 7240 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    06:46:33.0734 7240 Npfs - ok
    06:46:33.0755 7240 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    06:46:33.0758 7240 nsi - ok
    06:46:33.0779 7240 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    06:46:33.0780 7240 nsiproxy - ok
    06:46:33.0859 7240 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    06:46:33.0910 7240 Ntfs - ok
    06:46:33.0949 7240 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    06:46:33.0951 7240 Null - ok
    06:46:33.0997 7240 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    06:46:34.0005 7240 nvraid - ok
    06:46:34.0064 7240 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    06:46:34.0068 7240 nvstor - ok
    06:46:34.0092 7240 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    06:46:34.0094 7240 nv_agp - ok
    06:46:34.0204 7240 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    06:46:34.0211 7240 odserv - ok
    06:46:34.0223 7240 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    06:46:34.0228 7240 ohci1394 - ok
    06:46:43.0373 7240 ================ Scan global ===============================
    06:46:43.0406 7240 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    06:46:43.0435 7240 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
    06:46:43.0445 7240 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
    06:46:43.0473 7240 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    06:46:43.0508 7240 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    06:46:43.0514 7240 [Global] - ok
    06:46:43.0515 7240 ================ Scan MBR ==================================
    06:46:43.0530 7240 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
    06:46:43.0951 7240 \Device\Harddisk0\DR0 - ok
    06:46:43.0955 7240 ================ Scan VBR ==================================
    06:46:43.0962 7240 [ AC6EC3A8D5AF6684BE59BE4017ECB7DA ] \Device\Harddisk0\DR0\Partition1
    06:46:43.0970 7240 \Device\Harddisk0\DR0\Partition1 - ok
    06:46:43.0990 7240 [ D1586B3A651D870FD1876A0FF5447088 ] \Device\Harddisk0\DR0\Partition2
    06:46:43.0991 7240 \Device\Harddisk0\DR0\Partition2 - ok
    06:46:44.0020 7240 [ 2EC4D98D723D1052B102C861DA93E8E9 ] \Device\Harddisk0\DR0\Partition3
    06:46:44.0022 7240 \Device\Harddisk0\DR0\Partition3 - ok
    06:46:44.0023 7240 ============================================================
    06:46:44.0023 7240 Scan finished
    06:46:44.0023 7240 ============================================================
    06:46:44.0049 1932 Detected object count: 0
    06:46:44.0049 1932 Actual detected object count: 0
    06:47:22.0857 7448 ============================================================
    06:47:22.0857 7448 Scan started
    06:47:22.0857 7448 Mode: Manual;
    06:47:22.0857 7448 ============================================================
    06:47:23.0162 7448 ================ Scan system memory ========================
    06:47:23.0163 7448 System memory - ok
    06:47:23.0170 7448 ================ Scan services =============================
    06:47:26.0057 7448 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    06:47:26.0061 7448 Brserid - ok
    06:47:26.0074 7448 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    06:47:26.0075 7448 BrSerWdm - ok
    06:47:26.0086 7448 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    06:47:26.0088 7448 BrUsbMdm - ok
    06:47:26.0102 7448 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    06:47:26.0103 7448 BrUsbSer - ok
    06:47:26.0128 7448 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    06:47:26.0130 7448 BTHMODEM - ok
    06:47:26.0180 7448 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    06:47:26.0182 7448 bthserv - ok
    06:47:26.0206 7448 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    06:47:26.0208 7448 cdfs - ok
    06:47:26.0248 7448 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    06:47:26.0251 7448 cdrom - ok
    06:47:26.0280 7448 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    06:47:26.0282 7448 CertPropSvc - ok
    06:47:26.0337 7448 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    06:47:26.0338 7448 circlass - ok
    06:47:26.0369 7448 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    06:47:26.0373 7448 CLFS - ok
    06:47:26.0451 7448 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    06:47:26.0452 7448 clr_optimization_v2.0.50727_32 - ok
    06:47:26.0540 7448 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    06:47:26.0542 7448 clr_optimization_v2.0.50727_64 - ok
    06:47:26.0597 7448 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    06:47:26.0600 7448 clr_optimization_v4.0.30319_32 - ok
    06:47:26.0636 7448 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    06:47:26.0639 7448 clr_optimization_v4.0.30319_64 - ok
    06:47:26.0673 7448 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    06:47:26.0674 7448 CmBatt - ok
    06:47:26.0701 7448 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    06:47:26.0702 7448 cmdide - ok
    06:47:26.0774 7448 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
    06:47:26.0778 7448 CNG - ok
    06:47:26.0801 7448 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    06:47:26.0802 7448 Compbatt - ok
    06:47:26.0820 7448 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    06:47:26.0821 7448 CompositeBus - ok
    06:47:26.0836 7448 COMSysApp - ok
    06:47:26.0851 7448 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    06:47:26.0853 7448 crcdisk - ok
    06:47:26.0899 7448 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
    06:47:26.0902 7448 CryptSvc - ok
    06:47:26.0946 7448 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    06:47:26.0953 7448 DcomLaunch - ok
    06:47:26.0995 7448 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    06:47:26.0999 7448 defragsvc - ok
    06:47:27.0037 7448 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    06:47:27.0039 7448 DfsC - ok
    06:47:27.0065 7448 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    06:47:27.0069 7448 Dhcp - ok
    06:47:27.0100 7448 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    06:47:27.0101 7448 discache - ok
    06:47:27.0121 7448 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    06:47:27.0124 7448 Disk - ok
    06:47:27.0174 7448 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    06:47:27.0177 7448 Dnscache - ok
    06:47:27.0211 7448 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    06:47:27.0218 7448 dot3svc - ok
    06:47:27.0244 7448 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    06:47:27.0251 7448 DPS - ok
    06:47:27.0283 7448 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    06:47:27.0285 7448 drmkaud - ok
    06:47:27.0344 7448 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    06:47:27.0354 7448 DXGKrnl - ok
    06:47:27.0376 7448 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    06:47:27.0379 7448 EapHost - ok
    06:47:27.0474 7448 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    06:47:27.0498 7448 ebdrv - ok
    06:47:27.0536 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
    06:47:27.0537 7448 EFS - ok
    06:47:27.0628 7448 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    06:47:27.0633 7448 ehRecvr - ok
    06:47:27.0658 7448 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    06:47:27.0660 7448 ehSched - ok
    06:47:27.0702 7448 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    06:47:27.0707 7448 elxstor - ok
    06:47:27.0725 7448 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    06:47:27.0726 7448 ErrDev - ok
    06:47:27.0766 7448 [ B73181411523D264AD7BEC35B84716AB ] ETD C:\Windows\system32\DRIVERS\ETD.sys
    06:47:27.0770 7448 ETD - ok
    06:47:27.0829 7448 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    06:47:27.0833 7448 EventSystem - ok
    06:47:27.0849 7448 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    06:47:27.0853 7448 exfat - ok
    06:47:27.0893 7448 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    06:47:27.0896 7448 fastfat - ok
    06:47:27.0931 7448 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    06:47:27.0940 7448 Fax - ok
    06:47:27.0965 7448 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    06:47:27.0966 7448 fdc - ok
    06:47:27.0996 7448 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    06:47:27.0997 7448 fdPHost - ok
    06:47:28.0015 7448 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    06:47:28.0017 7448 FDResPub - ok
    06:47:28.0046 7448 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    06:47:28.0047 7448 FileInfo - ok
    06:47:28.0058 7448 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    06:47:28.0060 7448 Filetrace - ok
    06:47:28.0137 7448 [ ACEFEEA621DCA62EFB7A7EEA59F5E91B ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    06:47:28.0144 7448 FLEXnet Licensing Service - ok
    06:47:28.0152 7448 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    06:47:28.0153 7448 flpydisk - ok
    06:47:28.0186 7448 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    06:47:28.0189 7448 FltMgr - ok
    06:47:28.0237 7448 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
    06:47:28.0246 7448 FontCache - ok
    06:47:28.0300 7448 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    06:47:28.0301 7448 FontCache3.0.0.0 - ok
    06:47:28.0324 7448 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    06:47:28.0326 7448 FsDepends - ok
    06:47:28.0361 7448 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    06:47:28.0362 7448 fssfltr - ok
    06:47:28.0449 7448 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    06:47:28.0456 7448 fsssvc - ok
    06:47:28.0485 7448 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    06:47:28.0486 7448 Fs_Rec - ok
    06:47:28.0525 7448 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    06:47:28.0527 7448 fvevol - ok
    06:47:28.0553 7448 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    06:47:28.0555 7448 gagp30kx - ok
    06:47:28.0599 7448 [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
    06:47:28.0602 7448 GameConsoleService - ok
    06:47:28.0641 7448 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    06:47:28.0641 7448 GEARAspiWDM - ok
    06:47:28.0687 7448 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    06:47:28.0692 7448 gpsvc - ok
    06:47:28.0748 7448 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    06:47:28.0749 7448 gupdate - ok
    06:47:28.0755 7448 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    06:47:28.0757 7448 gupdatem - ok
    06:47:28.0790 7448 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    06:47:28.0791 7448 hcw85cir - ok
    06:47:28.0828 7448 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    06:47:28.0832 7448 HdAudAddService - ok
    06:47:28.0850 7448 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    06:47:28.0851 7448 HDAudBus - ok
    06:47:28.0861 7448 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    06:47:28.0862 7448 HidBatt - ok
    06:47:28.0905 7448 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    06:47:28.0906 7448 HidBth - ok
    06:47:28.0914 7448 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    06:47:28.0917 7448 HidIr - ok
    06:47:28.0970 7448 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    06:47:28.0971 7448 hidserv - ok
    06:47:28.0994 7448 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    06:47:28.0995 7448 HidUsb - ok
    06:47:29.0022 7448 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    06:47:29.0024 7448 hkmsvc - ok
    06:47:29.0049 7448 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    06:47:29.0051 7448 HomeGroupListener - ok
    06:47:29.0084 7448 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    06:47:29.0087 7448 HomeGroupProvider - ok
    06:47:29.0112 7448 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    06:47:29.0113 7448 HpSAMD - ok
    06:47:29.0140 7448 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    06:47:29.0146 7448 HTTP - ok
    06:47:29.0174 7448 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    06:47:29.0175 7448 hwpolicy - ok
    06:47:29.0194 7448 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    06:47:29.0196 7448 i8042prt - ok
    06:47:29.0260 7448 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    06:47:29.0263 7448 iaStor - ok
    06:47:29.0289 7448 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    06:47:29.0293 7448 iaStorV - ok
    06:47:29.0341 7448 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    06:47:29.0348 7448 idsvc - ok
    06:47:29.0514 7448 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    06:47:29.0565 7448 igfx - ok
    06:47:29.0598 7448 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    06:47:29.0599 7448 iirsp - ok
    06:47:29.0649 7448 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    06:47:29.0656 7448 IKEEXT - ok
    06:47:29.0749 7448 [ BBDA43F02A2C642A2DF191FA8C0B0052 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    06:47:29.0765 7448 IntcAzAudAddService - ok
    06:47:29.0783 7448 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    06:47:29.0784 7448 intelide - ok
    06:47:29.0809 7448 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    06:47:29.0810 7448 intelppm - ok
    06:47:29.0843 7448 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    06:47:29.0844 7448 IPBusEnum - ok
    06:47:29.0870 7448 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    06:47:29.0871 7448 IpFilterDriver - ok
    06:47:29.0907 7448 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    06:47:29.0911 7448 iphlpsvc - ok
    06:47:29.0925 7448 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    06:47:29.0927 7448 IPMIDRV - ok
    06:47:29.0955 7448 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    06:47:29.0957 7448 IPNAT - ok
    06:47:30.0042 7448 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    06:47:30.0050 7448 iPod Service - ok
    06:47:30.0085 7448 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    06:47:30.0086 7448 IRENUM - ok
    06:47:30.0107 7448 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    06:47:30.0108 7448 isapnp - ok
    06:47:30.0130 7448 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    06:47:30.0133 7448 iScsiPrt - ok
    06:47:30.0159 7448 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    06:47:30.0160 7448 kbdclass - ok
    06:47:30.0186 7448 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    06:47:30.0187 7448 kbdhid - ok
    06:47:30.0202 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    06:47:30.0204 7448 KeyIso - ok
    06:47:30.0239 7448 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    06:47:30.0240 7448 KSecDD - ok
    06:47:30.0257 7448 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    06:47:30.0259 7448 KSecPkg - ok
    06:47:30.0285 7448 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    06:47:30.0286 7448 ksthunk - ok
    06:47:30.0327 7448 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    06:47:30.0332 7448 KtmRm - ok
    06:47:30.0402 7448 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
    06:47:30.0405 7448 LanmanServer - ok
    06:47:30.0463 7448 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    06:47:30.0473 7448 LanmanWorkstation - ok
    06:47:30.0526 7448 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\Windows\runservice.exe
    06:47:30.0527 7448 LicCtrlService - ok
    06:47:30.0545 7448 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    06:47:30.0548 7448 lltdio - ok
    06:47:30.0591 7448 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    06:47:30.0595 7448 lltdsvc - ok
    06:47:30.0619 7448 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    06:47:30.0621 7448 lmhosts - ok
    06:47:30.0675 7448 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    06:47:30.0676 7448 LSI_FC - ok
    06:47:30.0689 7448 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    06:47:30.0691 7448 LSI_SAS - ok
    06:47:30.0715 7448 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    06:47:30.0716 7448 LSI_SAS2 - ok
    06:47:30.0732 7448 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    06:47:30.0737 7448 LSI_SCSI - ok
    06:47:30.0761 7448 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    06:47:30.0763 7448 luafv - ok
    06:47:30.0794 7448 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    06:47:30.0797 7448 Mcx2Svc - ok
    06:47:30.0814 7448 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    06:47:30.0815 7448 megasas - ok
    06:47:30.0858 7448 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    06:47:30.0862 7448 MegaSR - ok
    06:47:30.0959 7448 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    06:47:30.0961 7448 Microsoft Office Groove Audit Service - ok
    06:47:31.0004 7448 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    06:47:31.0007 7448 MMCSS - ok
    06:47:31.0025 7448 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    06:47:31.0027 7448 Modem - ok
    06:47:31.0051 7448 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    06:47:31.0054 7448 monitor - ok
    06:47:31.0073 7448 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    06:47:31.0074 7448 mouclass - ok
    06:47:31.0099 7448 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    06:47:31.0100 7448 mouhid - ok
    06:47:31.0127 7448 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    06:47:31.0128 7448 mountmgr - ok
    06:47:31.0179 7448 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    06:47:31.0181 7448 MozillaMaintenance - ok
    06:47:31.0212 7448 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    06:47:31.0214 7448 mpio - ok
    06:47:31.0241 7448 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    06:47:31.0243 7448 mpsdrv - ok
    06:47:31.0296 7448 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    06:47:31.0304 7448 MpsSvc - ok
    06:47:31.0333 7448 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    06:47:31.0335 7448 MRxDAV - ok
    06:47:31.0381 7448 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    06:47:31.0383 7448 mrxsmb - ok
    06:47:31.0404 7448 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    06:47:31.0407 7448 mrxsmb10 - ok
    06:47:31.0421 7448 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    06:47:31.0423 7448 mrxsmb20 - ok
    06:47:31.0441 7448 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    06:47:31.0442 7448 msahci - ok
    06:47:31.0463 7448 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    06:47:31.0465 7448 msdsm - ok
    06:47:31.0487 7448 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    06:47:31.0490 7448 MSDTC - ok
    06:47:31.0514 7448 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    06:47:31.0515 7448 Msfs - ok
    06:47:31.0535 7448 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    06:47:31.0537 7448 mshidkmdf - ok
    06:47:31.0564 7448 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    06:47:31.0565 7448 msisadrv - ok
    06:47:31.0607 7448 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    06:47:31.0609 7448 MSiSCSI - ok
    06:47:31.0615 7448 msiserver - ok
    06:47:31.0643 7448 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    06:47:31.0644 7448 MSKSSRV - ok
    06:47:31.0678 7448 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    06:47:31.0679 7448 MSPCLOCK - ok
    06:47:31.0696 7448 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    06:47:31.0697 7448 MSPQM - ok
    06:47:31.0720 7448 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    06:47:31.0724 7448 MsRPC - ok
    06:47:31.0750 7448 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    06:47:31.0751 7448 mssmbios - ok
    06:47:31.0778 7448 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    06:47:31.0779 7448 MSTEE - ok
    06:47:31.0794 7448 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    06:47:31.0795 7448 MTConfig - ok
    06:47:31.0838 7448 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    06:47:31.0839 7448 Mup - ok
    06:47:31.0882 7448 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    06:47:31.0887 7448 napagent - ok
    06:47:31.0910 7448 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    06:47:31.0913 7448 NativeWifiP - ok
    06:47:31.0943 7448 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    06:47:31.0951 7448 NDIS - ok
    06:47:31.0996 7448 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    06:47:31.0998 7448 NdisCap - ok
    06:47:32.0013 7448 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    06:47:32.0015 7448 NdisTapi - ok
    06:47:32.0028 7448 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    06:47:32.0029 7448 Ndisuio - ok
    06:47:32.0051 7448 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    06:47:32.0053 7448 NdisWan - ok
    06:47:32.0076 7448 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    06:47:32.0077 7448 NDProxy - ok
    06:47:32.0095 7448 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    06:47:32.0097 7448 NetBIOS - ok
    06:47:32.0116 7448 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    06:47:32.0119 7448 NetBT - ok
    06:47:32.0136 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
    06:47:32.0138 7448 Netlogon - ok
    06:47:32.0170 7448 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    06:47:32.0174 7448 Netman - ok
    06:47:32.0198 7448 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    06:47:32.0206 7448 netprofm - ok
    06:47:32.0256 7448 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    06:47:32.0258 7448 NetTcpPortSharing - ok
    06:47:32.0285 7448 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    06:47:32.0287 7448 nfrd960 - ok
    06:47:32.0344 7448 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    06:47:32.0348 7448 NlaSvc - ok
    06:47:32.0395 7448 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    06:47:32.0396 7448 Npfs - ok
    06:47:32.0412 7448 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    06:47:32.0416 7448 nsi - ok
    06:47:32.0436 7448 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    06:47:32.0437 7448 nsiproxy - ok
    06:47:32.0506 7448 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    06:47:32.0518 7448 Ntfs - ok
    06:47:32.0551 7448 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    06:47:32.0552 7448 Null - ok
    06:47:32.0588 7448 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    06:47:32.0589 7448 nvraid - ok
    06:47:32.0633 7448 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    06:47:32.0634 7448 nvstor - ok
    06:47:32.0661 7448 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    06:47:32.0663 7448 nv_agp - ok
    06:47:32.0762 7448 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    06:47:32.0769 7448 odserv - ok
    06:47:32.0781 7448 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    06:47:32.0783 7448 ohci1394 - ok
    06:47:32.0832 7448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    06:47:32.0835 7448 ose - ok
    06:47:32.0890 7448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    06:47:32.0897 7448 p2pimsvc - ok
    06:47:32.0944 7448 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    06:47:32.0953 7448 p2psvc - ok
    06:47:33.0004 7448 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    06:47:33.0008 7448 Parport - ok
    06:47:33.0059 7448 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    06:47:33.0061 7448 partmgr - ok
    06:47:33.0103 7448 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    06:47:33.0107 7448 PcaSvc - ok
    06:47:33.0125 7448 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
    06:47:33.0128 7448 pci - ok
    06:47:33.0160 7448 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    06:47:33.0161 7448 pciide - ok
    06:47:33.0196 7448 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    06:47:33.0200 7448 pcmcia - ok
    06:47:33.0225 7448 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    06:47:33.0228 7448 pcw - ok
    06:47:33.0280 7448 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    06:47:33.0287 7448 PEAUTH - ok
    06:47:33.0393 7448 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    06:47:33.0395 7448 PerfHost - ok
    06:47:33.0480 7448 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
    06:47:33.0494 7448 pla - ok
    06:47:33.0529 7448 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    06:47:33.0541 7448 PlugPlay - ok
    06:47:33.0569 7448 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    06:47:33.0572 7448 PNRPAutoReg - ok
    06:47:33.0600 7448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    06:47:33.0605 7448 PNRPsvc - ok
    06:47:33.0649 7448 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    06:47:33.0654 7448 PolicyAgent - ok
    06:47:33.0693 7448 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    06:47:33.0697 7448 Power - ok
    06:47:33.0727 7448 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    06:47:33.0729 7448 PptpMiniport - ok
    06:47:33.0754 7448 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    06:47:33.0756 7448 Processor - ok
    06:47:33.0782 7448 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
    06:47:33.0786 7448 ProfSvc - ok
    06:47:33.0802 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
    06:47:33.0805 7448 ProtectedStorage - ok
    06:47:33.0820 7448 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    06:47:33.0823 7448 Psched - ok
    06:47:33.0872 7448 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    06:47:33.0888 7448 ql2300 - ok
    06:47:33.0907 7448 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    06:47:33.0909 7448 ql40xx - ok
    06:47:33.0941 7448 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    06:47:33.0945 7448 QWAVE - ok
    06:47:33.0975 7448 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    06:47:33.0977 7448 QWAVEdrv - ok
    06:47:33.0993 7448 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    06:47:33.0994 7448 RasAcd - ok
    06:47:34.0040 7448 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    06:47:34.0041 7448 RasAgileVpn - ok
    06:47:34.0078 7448 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    06:47:34.0081 7448 RasAuto - ok
    06:47:34.0116 7448 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    06:47:34.0118 7448 Rasl2tp - ok
    06:47:34.0167 7448 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
    06:47:34.0174 7448 RasMan - ok
    06:47:34.0194 7448 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    06:47:34.0195 7448 RasPppoe - ok
    06:47:34.0216 7448 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    06:47:34.0217 7448 RasSstp - ok
    06:47:34.0245 7448 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    06:47:34.0249 7448 rdbss - ok
    06:47:34.0266 7448 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    06:47:34.0267 7448 rdpbus - ok
    06:47:34.0287 7448 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    06:47:34.0288 7448 RDPCDD - ok
    06:47:34.0302 7448 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    06:47:34.0306 7448 RDPENCDD - ok
    06:47:34.0325 7448 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    06:47:34.0326 7448 RDPREFMP - ok
    06:47:34.0362 7448 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    06:47:34.0365 7448 RDPWD - ok
    06:47:34.0396 7448 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    06:47:34.0399 7448 rdyboost - ok
    06:47:34.0427 7448 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    06:47:34.0429 7448 RemoteAccess - ok
    06:47:34.0462 7448 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    06:47:34.0465 7448 RemoteRegistry - ok
    06:47:34.0559 7448 [ 82FC38FE6B5AE9223EF28C02A123D1DF ] Response Hardware C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
    06:47:34.0560 7448 Response Hardware - ok
    06:47:34.0578 7448 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    06:47:34.0580 7448 RpcEptMapper - ok
    06:47:34.0613 7448 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    06:47:34.0615 7448 RpcLocator - ok
    06:47:34.0645 7448 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
    06:47:34.0650 7448 RpcSs - ok
    06:47:34.0676 7448 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    06:47:34.0678 7448 rspndr - ok
    06:47:34.0693 7448 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    06:47:34.0695 7448 RTL8167 - ok
    06:47:34.0723 7448 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
    06:47:34.0724 7448 SABI - ok
    06:47:34.0736 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
    06:47:34.0737 7448 SamSs - ok
    06:47:34.0772 7448 [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe
    06:47:34.0775 7448 Samsung UPD Service - ok
    06:47:34.0798 7448 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    06:47:34.0799 7448 sbp2port - ok
    06:47:34.0870 7448 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    06:47:34.0882 7448 SBSDWSCService - ok
    06:47:34.0944 7448 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    06:47:34.0949 7448 SCardSvr - ok
    06:47:34.0969 7448 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    06:47:34.0970 7448 scfilter - ok
    06:47:35.0038 7448 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
    06:47:35.0048 7448 Schedule - ok
    06:47:35.0102 7448 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    06:47:35.0103 7448 SCPolicySvc - ok
    06:47:35.0129 7448 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    06:47:35.0132 7448 SDRSVC - ok
    06:47:35.0165 7448 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    06:47:35.0167 7448 secdrv - ok
    06:47:35.0231 7448 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    06:47:35.0234 7448 seclogon - ok
    06:47:35.0257 7448 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    06:47:35.0262 7448 SENS - ok
    06:47:35.0316 7448 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    06:47:35.0321 7448 SensrSvc - ok
    06:47:35.0401 7448 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    06:47:35.0402 7448 Serenum - ok
    06:47:35.0432 7448 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    06:47:35.0433 7448 Serial - ok
    06:47:35.0488 7448 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    06:47:35.0489 7448 sermouse - ok
    06:47:35.0578 7448 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    06:47:35.0581 7448 SessionEnv - ok
    06:47:35.0629 7448 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    06:47:35.0630 7448 sffdisk - ok
    06:47:35.0656 7448 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    06:47:35.0657 7448 sffp_mmc - ok
    06:47:35.0669 7448 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    06:47:35.0670 7448 sffp_sd - ok
    06:47:35.0705 7448 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    06:47:35.0706 7448 sfloppy - ok
    06:47:35.0756 7448 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    06:47:35.0763 7448 SharedAccess - ok
    06:47:35.0801 7448 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    06:47:35.0807 7448 ShellHWDetection - ok
    06:47:35.0852 7448 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    06:47:35.0853 7448 SiSRaid2 - ok
    06:47:35.0888 7448 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    06:47:35.0889 7448 SiSRaid4 - ok
    06:47:35.0921 7448 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    06:47:35.0923 7448 SkypeUpdate - ok
    06:47:35.0973 7448 [ 59306BC2D442B28416E466411F506641 ] SMARTHelperService C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
    06:47:35.0979 7448 SMARTHelperService - ok
    06:47:36.0010 7448 [ 2F1EE31050D12D1064F305CC6E413C81 ] SMARTMouseFilterx64 C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
    06:47:36.0011 7448 SMARTMouseFilterx64 - ok
    06:47:36.0059 7448 [ C3B071E62C72DCB6E0D332F44F39DE0E ] SMARTVHidMiniVistaAmd64 C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
    06:47:36.0060 7448 SMARTVHidMiniVistaAmd64 - ok
    06:47:36.0125 7448 [ 5D15E5751F9C324E2D44723F65692D03 ] SMARTVTabletPCx64 C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
    06:47:36.0126 7448 SMARTVTabletPCx64 - ok
    06:47:36.0167 7448 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    06:47:36.0168 7448 Smb - ok
    06:47:36.0216 7448 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    06:47:36.0219 7448 SNMPTRAP - ok
    06:47:36.0265 7448 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    06:47:36.0267 7448 spldr - ok
    06:47:36.0311 7448 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
    06:47:36.0322 7448 Spooler - ok
    06:47:36.0450 7448 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
    06:47:36.0481 7448 sppsvc - ok
    06:47:36.0502 7448 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    06:47:36.0505 7448 sppuinotify - ok
    06:47:36.0565 7448 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
    06:47:36.0570 7448 srv - ok
    06:47:36.0614 7448 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    06:47:36.0618 7448 srv2 - ok
    06:47:36.0656 7448 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    06:47:36.0657 7448 srvnet - ok
    06:47:36.0691 7448 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    06:47:36.0694 7448 SSDPSRV - ok
    06:47:36.0740 7448 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    06:47:36.0742 7448 SstpSvc - ok
    06:47:36.0785 7448 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    06:47:36.0786 7448 stexstor - ok
    06:47:36.0831 7448 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
    06:47:36.0841 7448 stisvc - ok
    06:47:36.0851 7448 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    06:47:36.0851 7448 swenum - ok
    06:47:36.0911 7448 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    06:47:36.0921 7448 swprv - ok
    06:47:37.0052 7448 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
    06:47:37.0074 7448 SysMain - ok
    06:47:37.0110 7448 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    06:47:37.0114 7448 TabletInputService - ok
    06:47:37.0173 7448 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    06:47:37.0183 7448 TapiSrv - ok
    06:47:37.0203 7448 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    06:47:37.0203 7448 TBS - ok
    06:47:37.0303 7448 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    06:47:37.0323 7448 Tcpip - ok
    06:47:37.0415 7448 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    06:47:37.0453 7448 TCPIP6 - ok
    06:47:37.0500 7448 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    06:47:37.0502 7448 tcpipreg - ok
    06:47:37.0549 7448 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    06:47:37.0551 7448 TDPIPE - ok
    06:47:37.0578 7448 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    06:47:37.0580 7448 TDTCP - ok
    06:47:37.0625 7448 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    06:47:37.0625 7448 tdx - ok
    06:47:37.0655 7448 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    06:47:37.0655 7448 TermDD - ok
    06:47:37.0717 7448 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    06:47:37.0727 7448 TermService - ok
    06:47:37.0774 7448 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    06:47:37.0778 7448 Themes - ok
    06:47:37.0813 7448 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    06:47:37.0815 7448 THREADORDER - ok
    06:47:37.0859 7448 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    06:47:37.0863 7448 TrkWks - ok
    06:47:37.0952 7448 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    06:47:37.0954 7448 TrustedInstaller - ok
    06:47:38.0012 7448 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    06:47:38.0014 7448 tssecsrv - ok
    06:47:38.0098 7448 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    06:47:38.0099 7448 tunnel - ok
    06:47:38.0121 7448 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    06:47:38.0121 7448 uagp35 - ok
    06:47:38.0171 7448 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    06:47:38.0171 7448 udfs - ok
    06:47:38.0224 7448 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    06:47:38.0227 7448 UI0Detect - ok
    06:47:38.0263 7448 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    06:47:38.0263 7448 uliagpkx - ok
    06:47:38.0293 7448 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    06:47:38.0294 7448 umbus - ok
    06:47:38.0330 7448 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    06:47:38.0332 7448 UmPass - ok
    06:47:38.0367 7448 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    06:47:38.0372 7448 upnphost - ok
    06:47:38.0439 7448 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    06:47:38.0440 7448 USBAAPL64 - ok
    06:47:38.0475 7448 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    06:47:38.0475 7448 usbccgp - ok
    06:47:38.0505 7448 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    06:47:38.0505 7448 usbcir - ok
    06:47:38.0556 7448 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    06:47:38.0557 7448 usbehci - ok
    06:47:38.0600 7448 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    06:47:38.0603 7448 usbhub - ok
    06:47:38.0659 7448 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    06:47:38.0660 7448 usbohci - ok
    06:47:38.0697 7448 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    06:47:38.0707 7448 usbprint - ok
    06:47:38.0747 7448 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    06:47:38.0747 7448 USBSTOR - ok
    06:47:38.0806 7448 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    06:47:38.0807 7448 usbuhci - ok
    06:47:38.0839 7448 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    06:47:38.0850 7448 usbvideo - ok
    06:47:38.0871 7448 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    06:47:38.0873 7448 UxSms - ok
    06:47:38.0891 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
    06:47:38.0892 7448 VaultSvc - ok
    06:47:38.0918 7448 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    06:47:38.0920 7448 vdrvroot - ok
    06:47:38.0969 7448 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    06:47:38.0971 7448 vds - ok
    06:47:39.0018 7448 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    06:47:39.0019 7448 vga - ok
    06:47:39.0043 7448 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    06:47:39.0043 7448 VgaSave - ok
    06:47:39.0073 7448 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    06:47:39.0073 7448 vhdmp - ok
    06:47:39.0115 7448 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    06:47:39.0117 7448 viaide - ok
    06:47:39.0149 7448 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    06:47:39.0150 7448 volmgr - ok
    06:47:39.0186 7448 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    06:47:39.0189 7448 volmgrx - ok
    06:47:39.0235 7448 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    06:47:39.0235 7448 volsnap - ok
    06:47:39.0265 7448 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    06:47:39.0265 7448 vsmraid - ok
    06:47:39.0405 7448 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    06:47:39.0425 7448 VSS - ok
    06:47:39.0546 7448 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    06:47:39.0551 7448 vToolbarUpdater13.2.0 - ok
    06:47:39.0568 7448 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    06:47:39.0570 7448 vwifibus - ok
    06:47:39.0609 7448 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    06:47:39.0609 7448 vwififlt - ok
    06:47:39.0652 7448 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    06:47:39.0657 7448 W32Time - ok
    06:47:39.0686 7448 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    06:47:39.0687 7448 WacomPen - ok
    06:47:39.0727 7448 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    06:47:39.0729 7448 WANARP - ok
    06:47:39.0740 7448 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    06:47:39.0742 7448 Wanarpv6 - ok
    06:47:39.0821 7448 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    06:47:39.0831 7448 WatAdminSvc - ok
    06:47:39.0903 7448 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    06:47:39.0913 7448 wbengine - ok
    06:47:39.0985 7448 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    06:47:39.0985 7448 WbioSrvc - ok
    06:47:40.0050 7448 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    06:47:40.0055 7448 wcncsvc - ok
    06:47:40.0103 7448 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    06:47:40.0106 7448 WcsPlugInService - ok
    06:47:40.0152 7448 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    06:47:40.0154 7448 Wd - ok
    06:47:40.0234 7448 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    06:47:40.0242 7448 Wdf01000 - ok
    06:47:40.0272 7448 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    06:47:40.0275 7448 WdiServiceHost - ok
    06:47:40.0291 7448 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    06:47:40.0291 7448 WdiSystemHost - ok
    06:47:40.0345 7448 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
    06:47:40.0349 7448 WebClient - ok
    06:47:40.0378 7448 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    06:47:40.0381 7448 Wecsvc - ok
    06:47:40.0423 7448 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    06:47:40.0423 7448 wercplsupport - ok
    06:47:40.0443 7448 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    06:47:40.0443 7448 WerSvc - ok
    06:47:40.0473 7448 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    06:47:40.0473 7448 WfpLwf - ok
    06:47:40.0524 7448 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    06:47:40.0526 7448 WIMMount - ok
    06:47:40.0549 7448 WinDefend - ok
    06:47:40.0560 7448 WinHttpAutoProxySvc - ok
    06:47:40.0635 7448 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    06:47:40.0635 7448 Winmgmt - ok
    06:47:40.0726 7448 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    06:47:40.0737 7448 WinRM - ok
    06:47:40.0824 7448 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    06:47:40.0825 7448 WinUsb - ok
    06:47:40.0879 7448 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    06:47:40.0889 7448 Wlansvc - ok
    06:47:41.0081 7448 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    06:47:41.0091 7448 wlidsvc - ok
    06:47:41.0169 7448 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    06:47:41.0170 7448 WmiAcpi - ok
    06:47:41.0220 7448 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    06:47:41.0222 7448 wmiApSrv - ok
    06:47:41.0260 7448 WMPNetworkSvc - ok
    06:47:41.0302 7448 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    06:47:41.0304 7448 WPCSvc - ok
    06:47:41.0341 7448 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    06:47:41.0347 7448 WPDBusEnum - ok
    06:47:41.0397 7448 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    06:47:41.0399 7448 ws2ifsl - ok
    06:47:41.0446 7448 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
    06:47:41.0449 7448 wscsvc - ok
    06:47:41.0468 7448 WSearch - ok
    06:47:41.0565 7448 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    06:47:41.0586 7448 wuauserv - ok
    06:47:41.0647 7448 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    06:47:41.0649 7448 WudfPf - ok
    06:47:41.0673 7448 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    06:47:41.0673 7448 WUDFRd - ok
    06:47:41.0723 7448 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    06:47:41.0725 7448 wudfsvc - ok
    06:47:41.0755 7448 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    06:47:41.0765 7448 WwanSvc - ok
    06:47:41.0827 7448 [ 4647FDA6E21B18824D6073801177F4F7 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    06:47:41.0827 7448 yukonw7 - ok
    06:47:41.0847 7448 ================ Scan global ===============================
    06:47:41.0887 7448 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    06:47:41.0929 7448 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
    06:47:41.0949 7448 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
    06:47:41.0979 7448 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    06:47:42.0009 7448 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    06:47:42.0009 7448 [Global] - ok
    06:47:42.0029 7448 ================ Scan MBR ==================================
    06:47:42.0053 7448 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
    06:47:42.0403 7448 \Device\Harddisk0\DR0 - ok
    06:47:42.0413 7448 ================ Scan VBR ==================================
    06:47:42.0413 7448 [ AC6EC3A8D5AF6684BE59BE4017ECB7DA ] \Device\Harddisk0\DR0\Partition1
    06:47:42.0413 7448 \Device\Harddisk0\DR0\Partition1 - ok
    06:47:42.0433 7448 [ D1586B3A651D870FD1876A0FF5447088 ] \Device\Harddisk0\DR0\Partition2
    06:47:42.0433 7448 \Device\Harddisk0\DR0\Partition2 - ok
    06:47:42.0463 7448 [ 2EC4D98D723D1052B102C861DA93E8E9 ] \Device\Harddisk0\DR0\Partition3
    06:47:42.0463 7448 \Device\Harddisk0\DR0\Partition3 - ok
    06:47:42.0463 7448 ============================================================
    06:47:42.0463 7448 Scan finished
    06:47:42.0463 7448 ============================================================
    06:47:42.0483 6428 Detected object count: 0
    06:47:42.0483 6428 Actual detected object count: 0
    06:49:49.0723 7300 Deinitialize success



    ComboFix log

    ComboFix 12-03-31.03 - Dannnnnnnn 31/03/2012 16:15:22.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4029.2665 [GMT -7:00]
    Running from: F:\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~pV6TA5bL3suGKr
    c:\programdata\~pV6TA5bL3suGKrr
    c:\programdata\pV6TA5bL3suGKr
    c:\users\Dannnnnnnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Dannnnnnnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Dannnnnnnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\windows\system\msvbvm60.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-31 23:28 . 2012-03-31 23:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-31 20:44 . 2012-03-31 20:44 -------- d-----w- c:\programdata\Panda Security
    2012-03-31 20:44 . 2012-03-31 20:44 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
    2012-03-31 20:43 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5564AF7D-19B9-4197-BBCF-37B26B68DE9D}\mpengine.dll
    2012-03-30 05:12 . 2012-03-30 05:12 -------- d-----w- c:\windows\SysWow64\wbem\fr-FR
    2012-03-30 05:11 . 2012-03-30 05:11 -------- d-----w- c:\windows\system32\wbem\fr-FR
    2012-03-29 17:19 . 2012-03-29 17:19 -------- d-----w- c:\users\Dannnnnnnn\AppData\Roaming\Malwarebytes
    2012-03-29 17:18 . 2012-03-29 17:18 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-29 17:18 . 2012-03-29 17:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-29 17:18 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-29 16:26 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-29 16:26 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-29 16:26 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-29 16:26 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-29 16:26 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-29 16:26 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-29 16:26 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-29 16:26 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-29 16:26 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-29 16:26 . 2012-03-29 16:26 -------- d-----w- c:\programdata\AVAST Software
    2012-03-29 16:26 . 2012-03-29 16:26 -------- d-----w- c:\program files\AVAST Software
    2012-03-18 16:08 . 2012-03-18 16:08 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-18 16:08 . 2012-03-18 16:08 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-18 01:59 . 2012-03-18 01:59 -------- d-----w- c:\program files\iTunes
    2012-03-18 01:59 . 2012-03-18 01:59 -------- d-----w- c:\program files (x86)\iTunes
    2012-03-18 01:59 . 2012-03-18 01:59 -------- d-----w- c:\program files\iPod
    2012-03-17 14:28 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-17 14:28 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-17 14:28 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 01:12 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 01:11 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 01:11 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 01:10 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 01:10 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 01:10 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 01:10 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 01:10 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 01:10 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 01:10 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 16:18 . 2011-01-16 12:34 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-19 17:18 . 2011-05-24 23:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-01-04 10:44 . 2012-02-16 00:23 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 08:58 . 2012-02-16 00:23 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 135664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120113.002\IDSvia64.sys [2011-08-18 488568]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 14:16]
    .
    2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 14:16]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://samsung.msn.com
    mStart Page = hxxp://samsung.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    FF - ProfilePath - c:\users\Dannnnnnnn\AppData\Roaming\Mozilla\Firefox\Profiles\a2cchyej.default\
    FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4271745193-2774163658-938709683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-4271745193-2774163658-938709683-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-31 16:52:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-31 23:52
    .
    Pre-Run: 141,151,989,760 bytes free
    Post-Run: 141,507,268,608 bytes free
    .
    - - End Of File - - 9EB1D853E906E1EA0D6BD3821FBD218E
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Why is Combofix running from F:\ drive and not the Desktop? Do the following:

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those two logs..
     
  9. dcarson108

    dcarson108 Thread Starter

    Joined:
    Jan 5, 2013
    Messages:
    39
    ESET Online Scanner Log:

    C:\Program Files (x86)\MocaFlix\sprotector.dll Win32/SProtector application
    C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application
    C:\ProgramData\OptimizerPro1\OptimizerPro1.exe Win32/GenUpdater application
    C:\ProgramData\OptimizerPro1\runtime.dll Win32/GenUpdater application
    C:\ProgramData\OptimizerPro1\runtime_AVG_RESTORED.dll Win32/GenUpdater application
    C:\ProgramData\OptimizerPro1\runtime_AVG_RESTORED_1.dll Win32/GenUpdater application
    C:\ProgramData\OptimizerPro1\runtime_AVG_RESTORED_2.dll Win32/GenUpdater application
    C:\ProgramData\OptimizerPro1\runtime_AVG_RESTORED_3.dll Win32/GenUpdater application
    C:\ProgramData\SaveAs\509f29e091586.ocx Win32/Adware.MultiPlug.D application
    C:\ProgramData\SaveAs\509f29e0915be.html Win32/Adware.MultiPlug.H application
    C:\ProgramData\SaveAs\509f2a99e4a83.ocx Win32/Adware.MultiPlug.D application
    C:\ProgramData\SaveAs\509f2a99e4abb.html Win32/Adware.MultiPlug.H application
    C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar145.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar250.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar26.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar36.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar9.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\All Users\OptimizerPro1\OptimizerPro1.exe Win32/GenUpdater application
    C:\Users\All Users\OptimizerPro1\runtime.dll Win32/GenUpdater application
    C:\Users\All Users\OptimizerPro1\runtime_AVG_RESTORED.dll Win32/GenUpdater application
    C:\Users\All Users\OptimizerPro1\runtime_AVG_RESTORED_1.dll Win32/GenUpdater application
    C:\Users\All Users\OptimizerPro1\runtime_AVG_RESTORED_2.dll Win32/GenUpdater application
    C:\Users\All Users\OptimizerPro1\runtime_AVG_RESTORED_3.dll Win32/GenUpdater application
    C:\Users\All Users\SaveAs\509f29e091586.ocx Win32/Adware.MultiPlug.D application
    C:\Users\All Users\SaveAs\509f29e0915be.html Win32/Adware.MultiPlug.H application
    C:\Users\All Users\SaveAs\509f2a99e4a83.ocx Win32/Adware.MultiPlug.D application
    C:\Users\All Users\SaveAs\509f2a99e4abb.html Win32/Adware.MultiPlug.H application
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar145.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar250.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar26.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar36.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar9.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\Dannnn\Downloads\DownloadSetup.exe Win32/InstallMate application
    C:\Users\Dannnn\Downloads\DTLite4454-0316.exe Win32/OpenCandy application
    C:\Users\Dannnn\Downloads\SaveAs(1).exe Win32/InstalleRex.C.Gen application
    C:\Users\Dannnn\Downloads\SaveAs.exe Win32/InstalleRex.C.Gen application
    C:\Users\Dannnn\Downloads\Shinedown_Amaryllis_2012-All-Albums-(Special-Edition).exe multiple threats
    Operating memory multiple threats


    Security Check log.

    Results of screen317's Security Check version 0.99.56
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Adobe Flash Player 11.5.502.135
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Mozilla Firefox (17.0.1)
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run the following:

    Download OTM from either of the following links and save to your Desktop:

    http://oldtimer.geekstogo.com/OTM.exe.
    http://www.itxassociates.com/OT-Tools/OTM.com
    http://www.itxassociates.com/OT-Tools/OTM.exe

    Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

    • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      C:\Program Files (x86)\MocaFlix\sprotector.dll
      C:\Program Files (x86)\Optimizer Pro
      C:\ProgramData\OptimizerPro1
      C:\ProgramData\SaveAs
      C:\ProgramData\Tarma Installer
      C:\Users\All Users\OptimizerPro1
      C:\Users\All Users\SaveAs
      C:\Users\All Users\Tarma Installer
      C:\Users\Dannnn\Downloads\DownloadSetup.exe
      C:\Users\Dannnn\Downloads\DTLite4454-0316.exe
      C:\Users\Dannnn\Downloads\SaveAs(1).exe
      C:\Users\Dannnn\Downloads\SaveAs.exe
      C:\Users\Dannnn\Downloads\Shinedown_Amaryllis_2012-All-Albums-(Special-Edition).exe
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Next,

    Run the MGA Diagnostic Tool and post back the report it creates:

    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  11. dcarson108

    dcarson108 Thread Starter

    Joined:
    Jan 5, 2013
    Messages:
    39
    I'm having the internet connection problem again. I should be able to fix that when I'm home (I'm on a campus computer now) but I have to restore older settings so some of the programs I downloaded may be removed. The logs should stay saved though. Will that be a problem at all? Can I just restore old settings and do the step you posted?
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Yep, should be ok...
     
  13. dcarson108

    dcarson108 Thread Starter

    Joined:
    Jan 5, 2013
    Messages:
    39
    Hmm, didn't seem to work this time. I still can't access internet (limited connection only).
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Can you run FSS, you will need another system to d/l to USB and transfer over..

    Download Farbar Service Scanner and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  15. dcarson108

    dcarson108 Thread Starter

    Joined:
    Jan 5, 2013
    Messages:
    39
    Farbar Service Scanner Version: 05-01-2013
    Ran by Dannnn (administrator) on 09-01-2013 at 21:28:24
    Running from "F:\"
    Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    afd Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
    Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error.
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error.
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-04-16 09:24] - [2013-01-04 16:39] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

    ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
Short URL to this thread: https://techguy.org/1083926

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice