Help with Trojan Virus

Mom & Dad's PC


#1
anseladams


Help please.  Elderly parents have a trojan virus on their PC that I need to assist with.  Ran AVG (free version) and Malwarebytes to no avail.  OTL log & extras are below.  Any assistance you can provide would be greatly appreciated.

 

Thank you!! :wave:

 

OTL logfile created on: 2/4/2015 7:27:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 78.43% Memory free
7.50 Gb Paging File | 6.72 Gb Available in Paging File | 89.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.08 Gb Total Space | 374.86 Gb Free Space | 83.66% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.70 Gb Free Space | 99.31% Space Free | Partition Type: FAT32
 
Computer Name: THACKERS-PC | User Name: Thackers | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/04 18:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.com
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/10 18:01:06 | 000,206,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 18:01:04 | 000,626,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2015/02/04 16:50:39 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/12 10:00:48 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/19 21:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/03 13:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/01/26 19:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/04 00:33:14 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/08/12 10:00:48 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/03/30 06:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/30 04:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={597162E8-1F5F-42EE-BB41-5BAD7F257C0D}&mid=83c377d0028747d18b4b294607c40ae5-a3834a4881403bc714854ecdddc9fe69a0ad2753&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 22:58:56&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Thackers\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\revtrax.com/RevTraxPrintMyCoupon: C:\Users\Thackers\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2014/11/20 15:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2015/02/03 14:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/02 14:02:39 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Thackers\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 83c377d0028747d18b4b294607c40ae5-a3834a4881403bc714854ecdddc9fe69a0ad2753 --CMPID 0913a File not found
O4 - HKCU..\Run: [Global Registration] "C:\Program Files (x86)\eMachines\Registration\GREG.exe" /boot File not found
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Thackers\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 83c377d0028747d18b4b294607c40ae5-a3834a4881403bc714854ecdddc9fe69a0ad2753 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/04 14:51:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thackers\Desktop\OTL.exe
[2015/02/03 22:54:51 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/03 22:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/03 22:53:07 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/03 22:53:07 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/03 22:53:06 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/03 22:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/03 22:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/02/03 22:41:30 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Local\Programs
[2015/02/03 15:20:04 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Roaming\TuneUp Software
[2015/01/24 15:52:56 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Roaming\FrameworkUpdate
[2015/01/24 15:52:11 | 000,000,000 | -H-D | C] -- C:\a8157522
[2015/01/24 15:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2015/01/24 15:51:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
[2015/01/10 14:37:21 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Roaming\RevTrax
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/04 19:08:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/04 19:08:29 | 3019,399,168 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/04 19:06:07 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/04 19:06:07 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/04 19:00:25 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\eMachines Registration - Reminder Recall task.job
[2015/02/04 18:53:58 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/04 18:53:58 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/04 18:53:58 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/04 18:47:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/04 17:28:12 | 165,541,227 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2015/02/04 14:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thackers\Desktop\OTL.exe
[2015/02/04 12:06:38 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/03 22:53:45 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/03 15:02:32 | 000,045,774 | ---- | M] () -- C:\Users\Thackers\Documents\HELP_DECRYPT.PNG
[2015/02/03 15:02:32 | 000,008,554 | ---- | M] () -- C:\Users\Thackers\Documents\HELP_DECRYPT.HTML
[2015/02/03 15:02:32 | 000,000,276 | ---- | M] () -- C:\Users\Thackers\Documents\HELP_DECRYPT.URL
[2015/02/03 14:51:50 | 000,045,774 | ---- | M] () -- C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.PNG
[2015/02/03 14:51:50 | 000,008,554 | ---- | M] () -- C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML
[2015/02/03 14:51:50 | 000,000,276 | ---- | M] () -- C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL
[2015/02/03 14:40:25 | 000,045,774 | ---- | M] () -- C:\Users\Thackers\AppData\Local\HELP_DECRYPT.PNG
[2015/02/03 14:40:25 | 000,008,554 | ---- | M] () -- C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML
[2015/02/03 14:40:25 | 000,000,276 | ---- | M] () -- C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL
[2015/02/03 14:40:06 | 000,045,774 | ---- | M] () -- C:\ProgramData\HELP_DECRYPT.PNG
[2015/02/03 14:40:06 | 000,008,554 | ---- | M] () -- C:\ProgramData\HELP_DECRYPT.HTML
[2015/02/03 14:40:06 | 000,000,276 | ---- | M] () -- C:\ProgramData\HELP_DECRYPT.URL
[2015/01/24 15:54:04 | 000,000,416 | -H-- | M] () -- C:\ProgramData\@system3.att
[2015/01/24 15:53:48 | 000,000,680 | ---- | M] () -- C:\ProgramData\@system.temp
[2015/01/11 18:51:58 | 000,161,502 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
 
========== Files Created - No Company Name ==========
 
[2015/02/03 22:53:45 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/03 15:02:32 | 000,045,774 | ---- | C] () -- C:\Users\Thackers\Documents\HELP_DECRYPT.PNG
[2015/02/03 15:02:32 | 000,008,554 | ---- | C] () -- C:\Users\Thackers\Documents\HELP_DECRYPT.HTML
[2015/02/03 15:02:32 | 000,000,276 | ---- | C] () -- C:\Users\Thackers\Documents\HELP_DECRYPT.URL
[2015/02/03 14:51:50 | 000,045,774 | ---- | C] () -- C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.PNG
[2015/02/03 14:51:50 | 000,008,554 | ---- | C] () -- C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML
[2015/02/03 14:51:50 | 000,000,276 | ---- | C] () -- C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL
[2015/02/03 14:40:25 | 000,045,774 | ---- | C] () -- C:\Users\Thackers\AppData\Local\HELP_DECRYPT.PNG
[2015/02/03 14:40:25 | 000,008,554 | ---- | C] () -- C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML
[2015/02/03 14:40:25 | 000,000,276 | ---- | C] () -- C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL
[2015/02/03 14:40:06 | 000,045,774 | ---- | C] () -- C:\ProgramData\HELP_DECRYPT.PNG
[2015/02/03 14:40:06 | 000,008,554 | ---- | C] () -- C:\ProgramData\HELP_DECRYPT.HTML
[2015/02/03 14:40:06 | 000,000,276 | ---- | C] () -- C:\ProgramData\HELP_DECRYPT.URL
[2015/01/24 15:54:04 | 000,000,416 | -H-- | C] () -- C:\ProgramData\@system3.att
[2015/01/24 15:53:48 | 000,000,680 | ---- | C] () -- C:\ProgramData\@system.temp
[2014/02/24 23:18:13 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/11 10:46:57 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\AVG2012
[2013/05/22 19:55:21 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\Catalina – Print Savings
[2015/02/03 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2015/02/03 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\FrameworkUpdate
[2011/11/11 10:17:29 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\OEM
[2015/01/10 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\RevTrax
[2015/02/03 15:20:04 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\TuneUp Software
[2012/02/20 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2015/01/24 15:53:23 | 000,000,480 | -H-- | M] ()(C:\Users\Thackers\AppData\Roaming\????) -- C:\Users\Thackers\AppData\Roaming\麽鎒駓覜
[2015/01/24 15:53:23 | 000,000,480 | -H-- | C] ()(C:\Users\Thackers\AppData\Roaming\????) -- C:\Users\Thackers\AppData\Roaming\麽鎒駓覜

< End of report >
 

OTL Extras logfile created on: 2/4/2015 7:27:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 78.43% Memory free
7.50 Gb Paging File | 6.72 Gb Available in Paging File | 89.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.08 Gb Total Space | 374.86 Gb Free Space | 83.66% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.70 Gb Free Space | 99.31% Space Free | Partition Type: FAT32
 
Computer Name: THACKERS-PC | User Name: Thackers | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0508FC73-10FC-452F-9DCE-A86886FEE32B}" = rport=138 | protocol=17 | dir=out | app=system |
"{06838D7D-BA4A-41FE-A3BF-B8A2E4C82857}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CFCCBF6-A235-4846-8A58-5A2C99E4ACCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2A790D7B-B3CD-4DBF-8974-EEB47738EB70}" = rport=445 | protocol=6 | dir=out | app=system |
"{2BD1D71B-143C-4548-AA1F-230623454139}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37128523-37EB-480B-8ECC-7134D03F4930}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BE0DC11-8B54-4E78-820E-A1753611CDBB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{43B57D41-9897-4676-8E04-DB462FA46F94}" = rport=10243 | protocol=6 | dir=out | app=system |
"{67B54E65-7662-449F-8FC8-1F0A633F6FB1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84046247-E8E4-4132-8ACD-1A41DCE0A2E7}" = lport=137 | protocol=17 | dir=in | app=system |
"{871A6F97-911B-427B-86AC-8C6CD15EF081}" = lport=445 | protocol=6 | dir=in | app=system |
"{950D55F4-9573-49DE-83EA-B93D5A78204B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97B71FF7-3279-45D4-82FB-7D0D3066FB08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A056DE2D-ABAB-4C7C-BB2F-ADC7951F6377}" = rport=139 | protocol=6 | dir=out | app=system |
"{A1B72B45-4AEC-4B43-8E4D-D37DA43AA338}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A535DCEB-7196-4BCD-B5E3-36450240659F}" = rport=137 | protocol=17 | dir=out | app=system |
"{ACF27CDA-4E26-4EE8-B9FA-2913B6731C5B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B19EA05F-962E-4AFE-9BC9-4C09E0856AFC}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA24308D-29DB-411A-9B0C-0E273B57AB04}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C43FF54F-3223-4165-BC1E-C5A4180ED7A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD7052D8-DA9D-4F0E-8C65-769ABCDBBBF8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DE9E79D5-9569-45BF-9865-33B1CB867F89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB0DA45D-C806-4FA5-A3E0-92959CF6FC9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B978862-0D3F-4054-BAEC-F42ACAC7D2EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{10933BCD-E23A-4AD7-A1A2-116E9247B67C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A2B019F-59E2-4770-92B9-A4E4ED6821CF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{2F63BCB0-FE31-46BF-8592-DD2E089A99ED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{319C4BAD-AEF7-4467-AA60-4DF99E9287BC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3DA0A713-1C9D-47F0-90B0-059E02E70B92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3EC652AB-92F7-4731-A68A-C0286A7ED59E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF94365-2DE9-45FD-84FA-89E7CE4CAB43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45ACF342-B809-4E2C-AF36-D46EBA12115A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{45C55F85-8665-4E38-B730-532A97044D87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CF00132-7578-4F21-AED9-0AF95D581D31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54568AA5-7502-4D45-99C0-DC5D8F9DF48D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5457686E-35E9-48A9-A6F8-6E9E4740DC5C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{5A6EBFF7-FD0E-458C-9B9D-00C858132C07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6945F9A2-54F1-4172-B35B-D62ADB9ED0BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{756DDE3E-0613-42BE-8A3C-C7ED5CBE09F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{77F08C1A-8674-430B-ABB2-78F1C15C5F1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78520077-01F9-4662-B5A2-48A61B7DEA30}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{78F4F8D4-4B34-42D6-96AA-2CCC551F813E}" = protocol=6 | dir=out | app=system |
"{832D1C62-A0F9-47C5-9369-F67CA63CB3DD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{868DA173-8EB0-4E7D-82C1-6C8665E3D4D2}" = protocol=58 | dir=out | [email protected],-28546 |
"{9D316B13-2D8B-4D07-83D3-AB6658027A59}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9FA75C1C-89EC-4369-AF66-E4E9FDDC1776}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1A19AF3-AFDB-44AF-9133-059F79D9622A}" = protocol=58 | dir=in | [email protected],-28545 |
"{A553CBDA-7222-4E73-BAE9-18DA428B19E1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{AE1DD4D1-0BC5-445E-A2E0-9F748BCB9114}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BBE5EA12-7979-49B2-9F11-CC128FB5DBFF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{BC2F1F11-57C2-46DD-98AA-9412F5126080}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C0554274-5454-422D-9B70-F7FAB26CF8E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2F98717-9041-4725-9A16-3E8606FA78C9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C56EE882-CD93-4D10-AB8F-7AC698AFF64C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{D344F954-B6C3-43FA-86E3-446F9DB777F6}" = protocol=1 | dir=in | [email protected],-28543 |
"{E03A3BC4-20C9-4A33-9365-AA37DF21F8FE}" = protocol=1 | dir=out | [email protected],-28544 |
"{E8A08EA2-6C65-49CB-9314-715F8126410C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28474575-CEFE-4867-BF5A-8DAD3EBD6463}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CF23AC94-B01E-4EB0-A48F-7F2602E2287A}" = AVG 2012
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"AVG" = AVG 2012
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E8EBBF-55F3-41FB-AC8E-373BA0436939}" = RevTraxPrintMyCoupon
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4D4FF650-A07A-48B4-9A3B-7496758D2B1A}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"eMachines Screensaver" = eMachines ScreenSaver
"Hotkey Utility" = Hotkey Utility
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/16/2014 12:02:25 PM | Computer Name = Thackers-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/16/2014 10:50:26 PM | Computer Name = Thackers-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/17/2014 5:47:38 PM | Computer Name = Thackers-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/17/2014 6:02:22 PM | Computer Name = Thackers-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 16ec    Start
 Time: 01cfea5503ff4ee8    Termination Time: 3822    Application Path: C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE    Report Id:   
 
Error - 10/18/2014 5:21:55 PM | Computer Name = Thackers-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/19/2014 8:24:50 PM | Computer Name = Thackers-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/20/2014 7:54:11 PM | Computer Name = Thackers-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/20/2014 8:59:02 PM | Computer Name = Thackers-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 47c    Start
 Time: 01cfecc0fe44bf60    Termination Time: 219    Application Path: C:\Windows\Explorer.EXE
 Report Id: 6fd57991-58bd-11e4-b8c7-f80f4120e316  
 
Error - 10/21/2014 2:16:02 PM | Computer Name = Thackers-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/23/2014 3:03:25 PM | Computer Name = Thackers-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 2/4/2015 8:09:13 PM | Computer Name = Thackers-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/4/2015 8:09:13 PM | Computer Name = Thackers-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/4/2015 8:09:13 PM | Computer Name = Thackers-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/4/2015 8:09:13 PM | Computer Name = Thackers-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/4/2015 8:09:13 PM | Computer Name = Thackers-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/4/2015 8:10:11 PM | Computer Name = Thackers-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/4/2015 8:10:45 PM | Computer Name = Thackers-PC | Source = DCOM | ID = 10010
Description =
 
Error - 2/4/2015 8:25:58 PM | Computer Name = Thackers-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2/4/2015 8:25:58 PM | Computer Name = Thackers-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2/4/2015 8:25:58 PM | Computer Name = Thackers-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
 
< End of report >
 


Edited by anseladams, 08 February 2015 - 11:12 AM.



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP

Looks like it's one of the encryption ransomware viruses like CryptoWall.  If so, all of their files have been encrypted and are lost.  I don't see an active virus at the moment, but let's run a few scans and see if anything comes up.

 

Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click Save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save log, save it to your desktop and post it in your next reply.
 
ComboFix
 
:!: It must be saved to your desktop; do not run it from your browser :!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
:!: Turn off your screen saver so you can see what is going on
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Right-click on ComboFix and select Run As Administrator to start the program.
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not, this may mean you have the new version of Zero Access malware, so run Combofix a second time.
If you still don't get a log, search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.
 
Download TDSSKiller:
Save it to your desktop, then run it by right-clicking and selecting Run As Admin.  The .exe download seems to be a little odd.  If you click on the I accept button the green Download button goes out.  Uncheck it and it comes back on and works.
 
 
If TDSSKiller alerts you that the system needs to reboot, please consent.
 
Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste its contents in your next reply.
 

 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste the log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    anseladams

    anseladams

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts

    RKinner, appreciate the help & quick reply - -

     

    aswMBR ran for a very long time, scan stopped.  I did a reboot>safe mode.  Once again, aswMBR seemed to stall (ran 5 hours); scan stopped.  ComboFix, TDSSKiller, FRST were all done in safe mode.  Logs are as follows: 

     

    *******

    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2015-02-07 20:30:11
    -----------------------------
    20:30:11.471    OS Version: Windows x64 6.1.7601 Service Pack 1
    20:30:11.471    Number of processors: 2 586 0x603
    20:30:11.471    ComputerName: THACKERS-PC  UserName: Thackers
    20:31:03.232    Initialize success
    20:31:47.630    AVAST engine defs: 15020700
    20:32:08.970    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
    20:32:08.986    Disk 0 Vendor: ST350041 JC45 Size: 476940MB BusType: 3
    20:32:09.360    Disk 0 MBR read successfully
    20:32:09.360    Disk 0 MBR scan
    20:32:09.392    Disk 0 unknown MBR code
    20:32:15.101    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18000 MB offset 2048
    20:32:15.117    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 36866048
    20:32:15.148    Disk 0 default boot code
    20:32:15.179    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       458838 MB offset 37070848
    20:32:15.538    Disk 0 scanning C:\Windows\system32\drivers
    20:32:59.967    Service scanning
    20:33:38.124    Modules scanning
    20:33:40.605    AVAST engine scan C:\Windows
    20:33:43.616    AVAST engine scan C:\Windows\system32
    20:36:23.999    AVAST engine scan C:\Windows\system32\drivers
    20:36:32.096    AVAST engine scan C:\Users\Thackers
    01:07:29.292    Disk 0 statistics 6636025/0/0 @ 0.23 MB/s
    01:07:29.292    Scan stopped
    01:08:31.661    Disk 0 MBR has been saved successfully to "C:\Users\Thackers\Desktop\MBR.dat"
    01:08:31.677    The log file has been saved successfully to "C:\Users\Thackers\Desktop\aswMBR2.txt"

     

    ComboFix 15-02-02.01 - Thackers 02/08/2015   1:31.1.2 - x64 MINIMAL
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1898 [GMT -5:00]
    Running from: c:\users\Thackers\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\@system3.att
    .
    .
    CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
    You should verify if current CLSID data is correct:
    .
    HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
        (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
        AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    .
    HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
        (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
        ThreadingModel    REG_SZ    Apartment
    .
    HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
    .
    HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\
    .
    (((((((((((((((((((((((((   Files Created from 2015-01-08 to 2015-02-08  )))))))))))))))))))))))))))))))
    .
    .
    2015-02-08 07:17 . 2015-02-08 07:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2015-02-08 07:17 . 2015-02-08 07:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-07 22:48 . 2015-02-07 22:48 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2015-02-04 03:54 . 2015-02-04 17:06 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-04 03:53 . 2014-11-21 11:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-02-04 03:53 . 2014-11-21 11:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-04 03:53 . 2014-11-21 11:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-02-04 03:52 . 2015-02-04 03:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-02-04 03:52 . 2015-02-04 03:52 -------- d-----w- c:\programdata\Malwarebytes
    2015-02-04 03:41 . 2015-02-04 03:41 -------- d-----w- c:\users\Thackers\AppData\Local\Programs
    2015-02-03 20:20 . 2015-02-03 20:20 -------- d-----w- c:\users\Thackers\AppData\Roaming\TuneUp Software
    2015-01-24 20:52 . 2015-02-03 19:37 -------- d-----w- c:\users\Thackers\AppData\Roaming\FrameworkUpdate
    2015-01-24 20:52 . 2015-02-03 20:08 -------- d-----w- C:\a8157522
    2015-01-24 20:51 . 2015-02-03 20:07 -------- d--h--w- c:\programdata\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
    2015-01-23 14:29 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-01-23 14:29 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
    2015-01-23 14:29 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
    2015-01-23 14:29 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
    2015-01-23 14:29 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2015-01-23 14:29 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2015-01-23 14:29 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2015-01-22 18:28 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2015-01-20 17:17 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
    2015-01-20 17:17 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
    2015-01-20 17:17 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2015-01-20 17:17 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2015-01-20 17:16 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2015-01-10 19:37 . 2015-01-10 19:37 -------- d-----w- c:\users\Thackers\AppData\Roaming\RevTrax
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-04 21:50 . 2012-12-29 01:42 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-04 21:50 . 2012-01-21 03:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-01-20 17:22 . 2012-11-23 20:31 113365784 ----a-w- c:\windows\system32\MRT.exe
    2014-12-13 05:09 . 2014-12-20 16:48 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-13 03:33 . 2014-12-20 16:48 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-04 02:50 . 2014-12-09 23:32 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-04 02:50 . 2014-12-09 23:32 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-04 02:50 . 2014-12-09 23:32 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-04 02:50 . 2014-12-09 23:32 830976 ----a-w- c:\windows\system32\appraiser.dll
    2014-12-04 02:50 . 2014-12-09 23:32 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-04 02:50 . 2014-12-09 23:32 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-04 02:44 . 2014-12-09 23:32 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-01 23:28 . 2014-12-09 23:32 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-11-27 01:43 . 2014-12-09 23:30 389296 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-11-22 03:13 . 2014-12-09 23:30 25059840 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-22 03:06 . 2014-12-09 23:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-22 03:06 . 2014-12-09 23:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-22 02:50 . 2014-12-09 23:30 66560 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-22 02:50 . 2014-12-09 23:30 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-22 02:49 . 2014-12-09 23:30 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-22 02:49 . 2014-12-09 23:30 2885120 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-22 02:48 . 2014-12-09 23:30 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-22 02:41 . 2014-12-09 23:30 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-22 02:40 . 2014-12-09 23:30 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-22 02:37 . 2014-12-09 23:30 633856 ----a-w- c:\windows\system32\ieui.dll
    2014-11-22 02:35 . 2014-12-09 23:30 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-22 02:34 . 2014-12-09 23:30 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-22 02:34 . 2014-12-09 23:30 6039552 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-22 02:26 . 2014-12-09 23:30 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-22 02:22 . 2014-12-09 23:30 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-22 02:20 . 2014-12-09 23:30 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-22 02:14 . 2014-12-09 23:30 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 02:09 . 2014-12-09 23:30 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-22 02:08 . 2014-12-09 23:30 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-22 02:07 . 2014-12-09 23:30 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-22 02:07 . 2014-12-09 23:30 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-11-22 02:06 . 2014-12-09 23:30 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05 . 2014-12-09 23:30 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-11-22 02:05 . 2014-12-09 23:30 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-22 01:54 . 2014-12-09 23:30 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-11-22 01:49 . 2014-12-09 23:30 718848 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-22 01:49 . 2014-12-09 23:30 800768 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-22 01:47 . 2014-12-09 23:30 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-22 01:46 . 2014-12-09 23:30 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-22 01:43 . 2014-12-09 23:30 14412800 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-22 01:40 . 2014-12-09 23:30 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29 . 2014-12-09 23:30 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-22 01:28 . 2014-12-09 23:30 2358272 ----a-w- c:\windows\system32\wininet.dll
    2014-11-22 01:22 . 2014-12-09 23:30 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21 . 2014-12-09 23:30 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:15 . 2014-12-09 23:30 1548288 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-22 01:03 . 2014-12-09 23:30 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-11-22 01:00 . 2014-12-09 23:30 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-19 09:31 . 2014-11-19 09:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
    2014-11-11 03:09 . 2014-12-09 23:31 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-11 03:08 . 2014-11-20 20:53 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-20 20:53 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-12-09 23:31 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44 . 2014-11-20 20:53 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-20 20:53 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46 . 2014-12-09 23:30 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2014-08-29 21:00 3627032 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll" [2014-08-29 3627032]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
    "Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-11-08 898952]
    "vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-08-29 2640408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
    R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
    R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 21:50]
    .
    2013-01-25 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-Global Registration - c:\program files (x86)\eMachines\Registration\GREG.exe
    Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Thackers\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
    Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\Thackers\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1853160511-3213668173-3947774843-1000_Classes\clsid]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-1853160511-3213668173-3947774843-1000_Classes\clsid\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-02-08  02:22:28
    ComboFix-quarantined-files.txt  2015-02-08 07:22
    .
    Pre-Run: 401,440,579,584 bytes free
    Post-Run: 415,991,635,968 bytes free
    .
    - - End Of File - - 30D0A8DACB42F0923D35A4B074A97179
    70E629B51C16B3C007730C6AE57144C9

     

    03:12:18.0774 0x06fc  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
    03:13:05.0450 0x06fc  ============================================================
    03:13:05.0450 0x06fc  Current date / time: 2015/02/08 03:13:05.0450
    03:13:05.0450 0x06fc  SystemInfo:
    03:13:05.0450 0x06fc 
    03:13:05.0450 0x06fc  OS Version: 6.1.7601 ServicePack: 1.0
    03:13:05.0450 0x06fc  Product type: Workstation
    03:13:05.0465 0x06fc  ComputerName: THACKERS-PC
    03:13:05.0465 0x06fc  UserName: Thackers
    03:13:05.0465 0x06fc  Windows directory: C:\Windows
    03:13:05.0465 0x06fc  System windows directory: C:\Windows
    03:13:05.0465 0x06fc  Running under WOW64
    03:13:05.0465 0x06fc  Processor architecture: Intel x64
    03:13:05.0465 0x06fc  Number of processors: 2
    03:13:05.0465 0x06fc  Page size: 0x1000
    03:13:05.0465 0x06fc  Boot type: Safe boot
    03:13:05.0465 0x06fc  ============================================================
    03:13:06.0729 0x06fc  KLMD registered as C:\Windows\system32\drivers\74563543.sys
    03:13:06.0947 0x06fc  System UUID: {0C62F5A0-D990-71BD-65CB-D9D73F87900C}
    03:13:07.0384 0x06fc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:13:07.0384 0x06fc  ============================================================
    03:13:07.0384 0x06fc  \Device\Harddisk0\DR0:
    03:13:07.0384 0x06fc  MBR partitions:
    03:13:07.0384 0x06fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
    03:13:07.0384 0x06fc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x3802B030
    03:13:07.0384 0x06fc  ============================================================
    03:13:07.0415 0x06fc  C: <-> \Device\Harddisk0\DR0\Partition2
    03:13:07.0415 0x06fc  ============================================================
    03:13:07.0415 0x06fc  Initialize success
    03:13:07.0415 0x06fc  ============================================================
    03:15:36.0957 0x0350  ============================================================
    03:15:36.0957 0x0350  Scan started
    03:15:36.0957 0x0350  Mode: Manual;
    03:15:36.0957 0x0350  ============================================================
    03:15:36.0957 0x0350  KSN ping started
    03:15:37.0004 0x0350  KSN ping finished: false
    03:15:37.0581 0x0350  ================ Scan system memory ========================
    03:15:37.0581 0x0350  Scan was interrupted by user!
    03:15:37.0628 0x0350  AV detected via SS2: AVG Anti-Virus Free Edition 2012, C:\Program Files (x86)\AVG\AVG2012\avgwsc.exe ( 12.0.0.2222 ), 0x40000 ( disabled : updated )
    03:15:37.0659 0x0350  Win FW state via NFP2: enabled
    03:15:37.0674 0x0350  ============================================================
    03:15:37.0674 0x0350  Scan finished
    03:15:37.0674 0x0350  ============================================================
    03:15:37.0674 0x03f8  Detected object count: 0
    03:15:37.0674 0x03f8  Actual detected object count: 0
    03:15:51.0028 0x075c  ============================================================
    03:15:51.0028 0x075c  Scan started
    03:15:51.0028 0x075c  Mode: Manual;
    03:15:51.0028 0x075c  ============================================================
    03:15:51.0028 0x075c  KSN ping started
    03:15:51.0028 0x075c  KSN ping finished: false
    03:15:51.0340 0x075c  ================ Scan system memory ========================
    03:15:51.0340 0x075c  System memory - ok
    03:15:51.0340 0x075c  ================ Scan services =============================
    03:15:51.0449 0x075c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
    03:15:51.0449 0x075c  1394ohci - ok
    03:15:51.0465 0x075c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
    03:15:51.0480 0x075c  ACPI - ok
    03:15:51.0480 0x075c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
    03:15:51.0480 0x075c  AcpiPmi - ok
    03:15:51.0558 0x075c  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    03:15:51.0558 0x075c  AdobeFlashPlayerUpdateSvc - ok
    03:15:51.0605 0x075c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
    03:15:51.0605 0x075c  adp94xx - ok
    03:15:51.0636 0x075c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
    03:15:51.0636 0x075c  adpahci - ok
    03:15:51.0652 0x075c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
    03:15:51.0652 0x075c  adpu320 - ok
    03:15:51.0668 0x075c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
    03:15:51.0668 0x075c  AeLookupSvc - ok
    03:15:51.0730 0x075c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
    03:15:51.0730 0x075c  AFD - ok
    03:15:51.0746 0x075c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
    03:15:51.0746 0x075c  agp440 - ok
    03:15:51.0761 0x075c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
    03:15:51.0761 0x075c  ALG - ok
    03:15:51.0808 0x075c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
    03:15:51.0808 0x075c  aliide - ok
    03:15:51.0824 0x075c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
    03:15:51.0824 0x075c  amdide - ok
    03:15:51.0839 0x075c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
    03:15:51.0839 0x075c  AmdK8 - ok
    03:15:51.0855 0x075c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
    03:15:51.0855 0x075c  AmdPPM - ok
    03:15:51.0870 0x075c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
    03:15:51.0886 0x075c  amdsata - ok
    03:15:51.0886 0x075c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
    03:15:51.0886 0x075c  amdsbs - ok
    03:15:51.0902 0x075c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
    03:15:51.0902 0x075c  amdxata - ok
    03:15:51.0933 0x075c  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
    03:15:51.0933 0x075c  AppID - ok
    03:15:51.0948 0x075c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
    03:15:51.0948 0x075c  AppIDSvc - ok
    03:15:51.0995 0x075c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
    03:15:51.0995 0x075c  Appinfo - ok
    03:15:52.0042 0x075c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
    03:15:52.0042 0x075c  arc - ok
    03:15:52.0042 0x075c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
    03:15:52.0058 0x075c  arcsas - ok
    03:15:52.0338 0x075c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    03:15:52.0338 0x075c  aspnet_state - ok
    03:15:52.0385 0x075c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
    03:15:52.0385 0x075c  AsyncMac - ok
    03:15:52.0416 0x075c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
    03:15:52.0416 0x075c  atapi - ok
    03:15:52.0463 0x075c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    03:15:52.0479 0x075c  AudioEndpointBuilder - ok
    03:15:52.0494 0x075c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
    03:15:52.0510 0x075c  AudioSrv - ok
    03:15:52.0791 0x075c  [ AB673BA95E8FA446E9C00AA7A34B96DA, 6CDFAEAD9BB8396D6F4BE2A409470760CBF4391CE1AFB3FF8DFA3277BBA7D957 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    03:15:52.0869 0x075c  AVGIDSAgent - ok
    03:15:52.0931 0x075c  [ 633360E94804E7BAFE642017817C9413, 95408683E311E7B24B16F0F8BC8E96D52844E739A9A8EC0BF97BBB73B9DA3932 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    03:15:57.0502 0x075c  napagent - ok
    03:15:57.0533 0x075c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
    03:15:57.0549 0x075c  NativeWifiP - ok
    03:15:57.0596 0x075c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
    03:15:57.0611 0x075c  NDIS - ok
    03:15:57.0642 0x075c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
    03:15:57.0642 0x075c  NdisCap - ok
    03:15:57.0658 0x075c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
    03:15:57.0658 0x075c  NdisTapi - ok
    03:15:57.0658 0x075c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
    03:15:57.0658 0x075c  Ndisuio - ok
    03:15:57.0674 0x075c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
    03:15:57.0674 0x075c  NdisWan - ok
    03:15:57.0689 0x075c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
    03:15:57.0689 0x075c  NDProxy - ok
    03:15:57.0705 0x075c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
    03:15:57.0705 0x075c  NetBIOS - ok
    03:15:57.0705 0x075c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
    03:15:57.0720 0x075c  NetBT - ok
    03:15:57.0736 0x075c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
    03:15:57.0736 0x075c  Netlogon - ok
    03:15:57.0783 0x075c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
    03:15:57.0783 0x075c  Netman - ok
    03:15:57.0845 0x075c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    03:15:57.0845 0x075c  NetMsmqActivator - ok
    03:15:57.0876 0x075c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    03:15:57.0876 0x075c  NetPipeActivator - ok
    03:15:57.0892 0x075c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
    03:15:57.0892 0x075c  netprofm - ok
    03:15:57.0923 0x075c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    03:15:57.0923 0x075c  NetTcpActivator - ok
    03:15:57.0923 0x075c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    03:15:57.0923 0x075c  NetTcpPortSharing - ok
    03:15:57.0954 0x075c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
    03:15:57.0954 0x075c  nfrd960 - ok
    03:15:57.0970 0x075c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
    03:15:57.0970 0x075c  NlaSvc - ok
    03:15:57.0986 0x075c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
    03:15:58.0001 0x075c  Npfs - ok
    03:15:58.0017 0x075c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
    03:15:58.0017 0x075c  nsi - ok
    03:15:58.0017 0x075c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
    03:15:58.0017 0x075c  nsiproxy - ok
    03:15:58.0095 0x075c  [ 20E179A7FE78B37A02D30C4D34C870E7, 3E720CD52749E2F86897A89A2B7D3DE4C14255638111DB644C8F2C15174A6A2A ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    03:15:58.0095 0x075c  nSvcIp - ok
    03:15:58.0173 0x075c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
    03:15:58.0220 0x075c  Ntfs - ok
    03:15:58.0235 0x075c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
    03:15:58.0235 0x075c  Null - ok
    03:15:58.0266 0x075c  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
    03:15:58.0282 0x075c  NVENETFD - ok
    03:15:58.0625 0x075c  [ 8E6247F418B4C8AE9EEB0B532CABCC21, 42AD2588CBC8C9478F289955AB1391C65788D0564CCA7E0F9A41B8498A8BA117 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
    03:15:58.0828 0x075c  nvlddmkm - ok
    03:15:58.0890 0x075c  [ 909EEDCBD365BB81027D8E742E6B3416, 6C346C7B0E26A12BB0F56918E5324BC8C1024FEEE5952BFEB02DB2BC47182B61 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
    03:15:58.0890 0x075c  NVNET - ok
    03:15:58.0922 0x075c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
    03:15:58.0922 0x075c  nvraid - ok
    03:15:58.0937 0x075c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
    03:15:58.0937 0x075c  nvstor - ok
    03:15:58.0968 0x075c  [ 1E45F96342429D63DC30E0D9117DA3D8, 3D6DB9514594377CACFD766F0153B8DCF51DDF4172864DAF589CB1EE480D2027 ] nvstor64        C:\Windows\system32\drivers\nvstor64.sys
    03:15:58.0968 0x075c  nvstor64 - ok
    03:15:59.0015 0x075c  [ 41B97DCE2B2D113B831EB197F02A7398, 3168C646327E5C72741A326C12AD46A73234DA6A67DC21F66FF1D195A971FBFE ] nvsvc           C:\Windows\system32\nvvsvc.exe
    03:15:59.0031 0x075c  nvsvc - ok
    03:15:59.0156 0x075c  [ A3A25E0509F67473B960DAF214828BE3, F2EC38B82DF46E5765FD8976AA5A7043637AC716F56B17D6DC7524E774602DE3 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    03:15:59.0171 0x075c  nvUpdatusService - ok
    03:15:59.0218 0x075c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
    03:15:59.0218 0x075c  nv_agp - ok
    03:15:59.0218 0x075c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
    03:15:59.0218 0x075c  ohci1394 - ok
    03:15:59.0280 0x075c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    03:15:59.0280 0x075c  ose - ok
    03:15:59.0452 0x075c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    03:15:59.0530 0x075c  osppsvc - ok
    03:15:59.0561 0x075c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
    03:15:59.0561 0x075c  p2pimsvc - ok
    03:15:59.0577 0x075c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
    03:15:59.0592 0x075c  p2psvc - ok
    03:15:59.0608 0x075c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
    03:15:59.0608 0x075c  Parport - ok
    03:15:59.0639 0x075c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
    03:15:59.0639 0x075c  partmgr - ok
    03:15:59.0655 0x075c  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
    03:15:59.0655 0x075c  PcaSvc - ok
    03:15:59.0670 0x075c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
    03:15:59.0670 0x075c  pci - ok
    03:15:59.0686 0x075c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
    03:15:59.0686 0x075c  pciide - ok
    03:15:59.0702 0x075c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
    03:15:59.0702 0x075c  pcmcia - ok
    03:15:59.0717 0x075c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
    03:15:59.0717 0x075c  pcw - ok
    03:15:59.0733 0x075c  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
    03:15:59.0748 0x075c  PEAUTH - ok
    03:15:59.0780 0x075c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
    03:15:59.0795 0x075c  PerfHost - ok
    03:15:59.0842 0x075c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
    03:15:59.0873 0x075c  pla - ok
    03:15:59.0889 0x075c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
    03:15:59.0904 0x075c  PlugPlay - ok
    03:15:59.0920 0x075c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
    03:15:59.0920 0x075c  PNRPAutoReg - ok
    03:15:59.0920 0x075c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
    03:15:59.0936 0x075c  PNRPsvc - ok
    03:15:59.0967 0x075c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
    03:15:59.0967 0x075c  PolicyAgent - ok
    03:15:59.0998 0x075c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
    03:15:59.0998 0x075c  Power - ok
    03:16:00.0029 0x075c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
    03:16:00.0029 0x075c  PptpMiniport - ok
    03:16:00.0029 0x075c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
    03:16:00.0045 0x075c  Processor - ok
    03:16:00.0060 0x075c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
    03:16:00.0076 0x075c  ProfSvc - ok
    03:16:00.0092 0x075c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
    03:16:00.0092 0x075c  ProtectedStorage - ok
    03:16:00.0123 0x075c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
    03:16:00.0138 0x075c  Psched - ok
    03:16:00.0185 0x075c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
    03:16:00.0201 0x075c  ql2300 - ok
    03:16:00.0216 0x075c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
    03:16:00.0216 0x075c  ql40xx - ok
    03:16:00.0248 0x075c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
    03:16:00.0248 0x075c  QWAVE - ok
    03:16:00.0263 0x075c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
    03:16:00.0263 0x075c  QWAVEdrv - ok
    03:16:00.0263 0x075c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
    03:16:00.0263 0x075c  RasAcd - ok
    03:16:00.0279 0x075c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
    03:16:00.0294 0x075c  RasAgileVpn - ok
    03:16:00.0294 0x075c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
    03:16:00.0294 0x075c  RasAuto - ok
    03:16:00.0294 0x075c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
    03:16:00.0310 0x075c  Rasl2tp - ok
    03:16:00.0326 0x075c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
    03:16:00.0326 0x075c  RasMan - ok
    03:16:00.0341 0x075c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
    03:16:00.0341 0x075c  RasPppoe - ok
    03:16:00.0341 0x075c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
    03:16:00.0341 0x075c  RasSstp - ok
    03:16:00.0357 0x075c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
    03:16:00.0357 0x075c  rdbss - ok
    03:16:00.0388 0x075c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
    03:16:00.0388 0x075c  rdpbus - ok
    03:16:00.0404 0x075c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
    03:16:00.0404 0x075c  RDPCDD - ok
    03:16:00.0404 0x075c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
    03:16:00.0404 0x075c  RDPENCDD - ok
    03:16:00.0404 0x075c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
    03:16:00.0404 0x075c  RDPREFMP - ok
    03:16:00.0450 0x075c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
    03:16:00.0450 0x075c  RDPWD - ok
    03:16:00.0450 0x075c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
    03:16:00.0466 0x075c  rdyboost - ok
    03:16:00.0497 0x075c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
    03:16:00.0497 0x075c  RemoteAccess - ok
    03:16:00.0528 0x075c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
    03:16:00.0544 0x075c  RemoteRegistry - ok
    03:16:00.0544 0x075c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
    03:16:00.0544 0x075c  RpcEptMapper - ok
    03:16:00.0560 0x075c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
    03:16:00.0560 0x075c  RpcLocator - ok
    03:16:00.0575 0x075c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\System32\rpcss.dll
    03:16:00.0591 0x075c  RpcSs - ok
    03:16:00.0606 0x075c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
    03:16:00.0606 0x075c  rspndr - ok
    03:16:00.0622 0x075c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
    03:16:00.0622 0x075c  SamSs - ok
    03:16:00.0653 0x075c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
    03:16:00.0653 0x075c  sbp2port - ok
    03:16:00.0669 0x075c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
    03:16:00.0684 0x075c  SCardSvr - ok
    03:16:00.0684 0x075c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
    03:16:00.0684 0x075c  scfilter - ok
    03:16:00.0716 0x075c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
    03:16:00.0747 0x075c  Schedule - ok
    03:16:00.0778 0x075c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
    03:16:00.0778 0x075c  SCPolicySvc - ok
    03:16:00.0794 0x075c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
    03:16:00.0794 0x075c  SDRSVC - ok
    03:16:00.0809 0x075c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
    03:16:00.0809 0x075c  secdrv - ok
    03:16:00.0809 0x075c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
    03:16:00.0825 0x075c  seclogon - ok
    03:16:00.0840 0x075c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
    03:16:00.0840 0x075c  SENS - ok
    03:16:00.0856 0x075c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
    03:16:00.0856 0x075c  SensrSvc - ok
    03:16:00.0856 0x075c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
    03:16:00.0856 0x075c  Serenum - ok
    03:16:00.0872 0x075c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
    03:16:00.0872 0x075c  Serial - ok
    03:16:00.0872 0x075c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
    03:16:00.0872 0x075c  sermouse - ok
    03:16:00.0887 0x075c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
    03:16:00.0887 0x075c  SessionEnv - ok
    03:16:00.0887 0x075c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
    03:16:00.0887 0x075c  sffdisk - ok
    03:16:00.0903 0x075c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
    03:16:00.0903 0x075c  sffp_mmc - ok
    03:16:00.0903 0x075c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
    03:16:00.0903 0x075c  sffp_sd - ok
    03:16:00.0903 0x075c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
    03:16:00.0903 0x075c  sfloppy - ok
    03:16:00.0918 0x075c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
    03:16:00.0934 0x075c  SharedAccess - ok
    03:16:00.0950 0x075c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    03:16:00.0965 0x075c  ShellHWDetection - ok
    03:16:00.0965 0x075c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
    03:16:00.0965 0x075c  SiSRaid2 - ok
    03:16:00.0965 0x075c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
    03:16:00.0981 0x075c  SiSRaid4 - ok
    03:16:00.0981 0x075c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
    03:16:00.0981 0x075c  Smb - ok
    03:16:01.0012 0x075c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
    03:16:01.0012 0x075c  SNMPTRAP - ok
    03:16:01.0059 0x075c  [ 3BB48F7E33C2B76184DDF233000C09CD, D1AAE5B0425047CA0C2D376D3E59324D35A90DF9074CD442DFD0ED6E434D3C84 ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    03:16:01.0059 0x075c  Sony SCSI Helper Service - ok
    03:16:01.0090 0x075c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
    03:16:01.0090 0x075c  spldr - ok
    03:16:01.0137 0x075c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
    03:16:01.0137 0x075c  Spooler - ok
    03:16:01.0246 0x075c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
    03:16:01.0293 0x075c  sppsvc - ok
    03:16:01.0308 0x075c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
    03:16:01.0308 0x075c  sppuinotify - ok
    03:16:01.0340 0x075c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
    03:16:01.0355 0x075c  srv - ok
    03:16:01.0371 0x075c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
    03:16:01.0386 0x075c  srv2 - ok
    03:16:01.0402 0x075c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
    03:16:01.0402 0x075c  srvnet - ok
    03:16:01.0418 0x075c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
    03:16:01.0433 0x075c  SSDPSRV - ok
    03:16:01.0433 0x075c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
    03:16:01.0433 0x075c  SstpSvc - ok
    03:16:01.0480 0x075c  [ A52DDA7F28FF685AD63D77FE0549707E, 2252E86329B9ED113F79DEA80315943314E1F6B73E146AB80A27D9120929E8A7 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    03:16:01.0480 0x075c  Stereo Service - ok
    03:16:01.0511 0x075c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
    03:16:01.0511 0x075c  stexstor - ok
    03:16:01.0542 0x075c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
    03:16:01.0558 0x075c  stisvc - ok
    03:16:01.0574 0x075c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
    03:16:01.0574 0x075c  swenum - ok
    03:16:01.0605 0x075c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
    03:16:01.0620 0x075c  swprv - ok
    03:16:01.0683 0x075c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
    03:16:01.0714 0x075c  SysMain - ok
    03:16:01.0714 0x075c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    03:16:01.0714 0x075c  TabletInputService - ok
    03:16:01.0730 0x075c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
    03:16:04.0928 0x075c  ================ Scan global ===============================
    03:16:04.0943 0x075c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    03:16:04.0959 0x075c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    03:16:04.0974 0x075c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    03:16:05.0006 0x075c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    03:16:05.0021 0x075c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    03:16:05.0021 0x075c  [ Global ] - ok
    03:16:05.0021 0x075c  ================ Scan MBR ==================================
    03:16:05.0037 0x075c  [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
    03:16:06.0831 0x075c  \Device\Harddisk0\DR0 - ok
    03:16:06.0831 0x075c  ================ Scan VBR ==================================
    03:16:06.0831 0x075c  [ 4831DB8892BB992461AFFE3A7B8AE636 ] \Device\Harddisk0\DR0\Partition1
    03:16:06.0831 0x075c  \Device\Harddisk0\DR0\Partition1 - ok
    03:16:06.0831 0x075c  [ 8C06189B544798AB8AF4261D2A7247BE ] \Device\Harddisk0\DR0\Partition2
    03:16:06.0831 0x075c  \Device\Harddisk0\DR0\Partition2 - ok
    03:16:06.0831 0x075c  ================ Scan generic autorun ======================
    03:16:07.0096 0x075c  [ 96922E3892E299FED3F2B82FD5DDB99F, 0F01DAC0F6B026653DE220494347212441B50340B7A8068A709BF6953D799B57 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    03:16:07.0330 0x075c  RtHDVCpl - ok
    03:16:07.0377 0x075c  [ 452FA961163EF4AEE4815796A13AB2CF, 14DC422082F96F5C21C41A5E5F6E8445547CC4B02B18F0A86A34669CA2CE18A7 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    03:16:07.0377 0x075c  Adobe Reader Speed Launcher - ok
    03:16:07.0424 0x075c  [ 2EA4B2BC3260CF3D20F6A164B362F6D4, 04E9262329F7B326468B6E57502CBD600B6BFF578E63242404FF612C1DBD08DE ] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    03:16:07.0439 0x075c  Hotkey Utility - ok
    03:16:07.0595 0x075c  [ 371BA71B566260932DCCCF843BF6C7E7, 3F34769DD1EA9C6CBAA3DC099B2512E4D5B888A6B76A568BB79ED08452C7EA17 ] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    03:16:07.0626 0x075c  AVG_TRAY - ok
    03:16:07.0689 0x075c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    03:16:07.0736 0x075c  Sidebar - ok
    03:16:07.0751 0x075c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
    03:16:07.0751 0x075c  mctadmin - ok
    03:16:07.0798 0x075c  [ 6E9DBF6B982AEA2EC6614F0B81AB2846, BEBD1E26E3C2810B19A71446A2CC5B9BD9436E802DD8CD0432DFC35BFF248593 ] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe
    03:16:07.0798 0x075c  ScrSav - ok
    03:16:07.0798 0x075c  AV detected via SS2: AVG Anti-Virus Free Edition 2012, C:\Program Files (x86)\AVG\AVG2012\avgwsc.exe ( 12.0.0.2222 ), 0x40000 ( disabled : updated )
    03:16:07.0798 0x075c  Win FW state via NFP2: enabled
    03:16:07.0798 0x075c  ============================================================
    03:16:07.0798 0x075c  Scan finished
    03:16:07.0798 0x075c  ============================================================
    03:16:07.0814 0x0494  Detected object count: 0
    03:16:07.0814 0x0494  Actual detected object count: 0
    03:16:32.0774 0x04e4  ============================================================
    03:16:32.0774 0x04e4  Scan started
    03:16:32.0774 0x04e4  Mode: Manual;
    03:16:32.0774 0x04e4  ============================================================
    03:16:32.0774 0x04e4  KSN ping started
    03:16:32.0774 0x04e4  KSN ping finished: false
    03:16:33.0070 0x04e4  ================ Scan system memory ========================
    03:16:33.0070 0x04e4  System memory - ok
    03:16:33.0070 0x04e4  ================ Scan services =============================
    03:16:35.0020 0x04e4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
    03:16:35.0020 0x04e4  BTHMODEM - ok
    03:16:35.0036 0x04e4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
    03:16:35.0036 0x04e4  bthserv - ok
    03:16:35.0036 0x04e4  catchme - ok
    03:16:35.0051 0x04e4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
    03:16:35.0051 0x04e4  cdfs - ok
    03:16:35.0067 0x04e4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
    03:16:35.0067 0x04e4  cdrom - ok
    03:16:35.0082 0x04e4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
    03:16:35.0098 0x04e4  CertPropSvc - ok
    03:16:35.0098 0x04e4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
    03:16:35.0098 0x04e4  circlass - ok
    03:16:35.0114 0x04e4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
    03:16:35.0114 0x04e4  CLFS - ok
    03:16:35.0176 0x04e4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    03:16:35.0176 0x04e4  clr_optimization_v2.0.50727_32 - ok
    03:16:35.0238 0x04e4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    03:16:35.0238 0x04e4  clr_optimization_v2.0.50727_64 - ok
    03:16:35.0426 0x04e4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    03:16:35.0426 0x04e4  clr_optimization_v4.0.30319_32 - ok
    03:16:35.0441 0x04e4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    03:16:35.0441 0x04e4  clr_optimization_v4.0.30319_64 - ok
    03:16:35.0472 0x04e4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
    03:16:35.0472 0x04e4  CmBatt - ok
    03:16:35.0488 0x04e4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
    03:16:35.0488 0x04e4  cmdide - ok
    03:16:35.0535 0x04e4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
    03:16:35.0535 0x04e4  CNG - ok
    03:16:35.0550 0x04e4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
    03:16:35.0550 0x04e4  Compbatt - ok
    03:16:35.0566 0x04e4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
    03:16:35.0582 0x04e4  CompositeBus - ok
    03:16:35.0582 0x04e4  COMSysApp - ok
    03:16:35.0582 0x04e4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
    03:16:35.0582 0x04e4  crcdisk - ok
    03:16:35.0628 0x04e4  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
    03:16:35.0628 0x04e4  CryptSvc - ok
    03:16:35.0675 0x04e4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
    03:16:35.0675 0x04e4  DcomLaunch - ok
    03:16:35.0706 0x04e4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
    03:16:35.0722 0x04e4  defragsvc - ok
    03:16:35.0722 0x04e4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
    03:16:35.0722 0x04e4  DfsC - ok
    03:16:35.0738 0x04e4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
    03:16:35.0738 0x04e4  Dhcp - ok
    03:16:35.0753 0x04e4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
    03:16:35.0753 0x04e4  discache - ok
    03:16:35.0753 0x04e4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
    03:16:35.0753 0x04e4  Disk - ok
    03:16:35.0784 0x04e4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
    03:16:35.0784 0x04e4  Dnscache - ok
    03:16:35.0800 0x04e4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
    03:16:35.0800 0x04e4  dot3svc - ok
    03:16:35.0816 0x04e4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
    03:16:35.0816 0x04e4  DPS - ok
    03:16:35.0847 0x04e4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
    03:16:35.0847 0x04e4  drmkaud - ok
    03:16:35.0894 0x04e4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
    03:16:35.0909 0x04e4  DXGKrnl - ok
    03:16:35.0940 0x04e4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
    03:16:35.0940 0x04e4  EapHost - ok
    03:16:36.0034 0x04e4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
    03:16:36.0096 0x04e4  ebdrv - ok
    03:16:36.0128 0x04e4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
    03:16:36.0128 0x04e4  EFS - ok
    03:16:36.0221 0x04e4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
    03:16:36.0237 0x04e4  ehRecvr - ok
    03:16:36.0252 0x04e4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
    03:16:36.0252 0x04e4  ehSched - ok
    03:16:36.0284 0x04e4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
    03:16:36.0284 0x04e4  elxstor - ok
    03:16:36.0299 0x04e4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
    03:16:36.0299 0x04e4  ErrDev - ok
    03:16:36.0330 0x04e4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
    03:16:36.0330 0x04e4  EventSystem - ok
    03:16:36.0346 0x04e4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
    03:16:36.0346 0x04e4  exfat - ok
    03:16:36.0362 0x04e4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
    03:16:36.0362 0x04e4  fastfat - ok
    03:16:36.0393 0x04e4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
    03:16:36.0408 0x04e4  Fax - ok
    03:16:36.0408 0x04e4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
    03:16:36.0408 0x04e4  fdc - ok
    03:16:36.0424 0x04e4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
    03:16:36.0424 0x04e4  fdPHost - ok
    03:16:36.0440 0x04e4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
    03:16:36.0440 0x04e4  FDResPub - ok
    03:16:36.0455 0x04e4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
    03:16:36.0455 0x04e4  FileInfo - ok
    03:16:36.0471 0x04e4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
    03:16:36.0471 0x04e4  Filetrace - ok
    03:16:36.0471 0x04e4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
    03:16:36.0471 0x04e4  flpydisk - ok
    03:16:36.0486 0x04e4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
    03:16:36.0486 0x04e4  FltMgr - ok
    03:16:36.0533 0x04e4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
    03:16:36.0564 0x04e4  FontCache - ok
    03:16:36.0596 0x04e4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    03:16:36.0596 0x04e4  FontCache3.0.0.0 - ok
    03:16:36.0658 0x04e4  [ 52B58A46BEEFB238C580B69FD051CB5B, 6C3B92F953DD55619BD6F0876850A441CAF7774EB873196F567F6A1C0D8CF182 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    03:16:36.0674 0x04e4  ForceWare Intelligent Application Manager (IAM) - ok
    03:16:36.0674 0x04e4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
    03:16:36.0689 0x04e4  FsDepends - ok
    03:16:36.0705 0x04e4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
    03:16:36.0705 0x04e4  Fs_Rec - ok
    03:16:36.0736 0x04e4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
    03:16:36.0736 0x04e4  fvevol - ok
    03:16:36.0752 0x04e4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
    03:16:36.0752 0x04e4  gagp30kx - ok
    03:16:36.0783 0x04e4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
    03:16:36.0798 0x04e4  gpsvc - ok
    03:16:36.0830 0x04e4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
    03:16:36.0830 0x04e4  hcw85cir - ok
    03:16:36.0830 0x04e4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    03:16:36.0845 0x04e4  HdAudAddService - ok
    03:16:36.0845 0x04e4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
    03:16:36.0845 0x04e4  HDAudBus - ok
    03:16:36.0861 0x04e4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
    03:16:36.0861 0x04e4  HidBatt - ok
    03:16:36.0861 0x04e4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
    03:16:36.0861 0x04e4  HidBth - ok
    03:16:36.0861 0x04e4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
    03:16:36.0861 0x04e4  HidIr - ok
    03:16:36.0876 0x04e4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
    03:16:36.0876 0x04e4  hidserv - ok
    03:16:36.0908 0x04e4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
    03:16:36.0908 0x04e4  HidUsb - ok
    03:16:36.0923 0x04e4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
    03:16:36.0923 0x04e4  hkmsvc - ok
    03:16:36.0923 0x04e4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    03:16:36.0939 0x04e4  HomeGroupListener - ok
    03:16:36.0954 0x04e4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    03:16:36.0970 0x04e4  HomeGroupProvider - ok
    03:16:36.0970 0x04e4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
    03:16:36.0970 0x04e4  HpSAMD - ok
    03:16:37.0001 0x04e4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
    03:16:37.0017 0x04e4  HTTP - ok
    03:16:37.0017 0x04e4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
    03:16:37.0017 0x04e4  hwpolicy - ok
    03:16:37.0032 0x04e4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
    03:16:37.0032 0x04e4  i8042prt - ok
    03:16:37.0064 0x04e4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
    03:16:37.0064 0x04e4  iaStorV - ok
    03:16:37.0110 0x04e4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    03:16:37.0126 0x04e4  idsvc - ok
    03:16:37.0126 0x04e4  IEEtwCollectorService - ok
    03:16:37.0142 0x04e4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
    03:16:37.0142 0x04e4  iirsp - ok
    03:16:37.0188 0x04e4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
    03:16:37.0204 0x04e4  IKEEXT - ok
    03:16:37.0282 0x04e4  [ 2E3B99E8C23BE2BF32EBE1DB5261F275, F78C556A5152568301E8F8A2B02B154D802448D5402AB916AF8F59A95FDF479D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    03:16:37.0329 0x04e4  IntcAzAudAddService - ok
    03:16:37.0344 0x04e4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
    03:16:37.0344 0x04e4  intelide - ok
    03:16:37.0344 0x04e4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
    03:16:37.0344 0x04e4  intelppm - ok
    03:16:37.0376 0x04e4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
    03:16:37.0376 0x04e4  IPBusEnum - ok
    03:16:37.0376 0x04e4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
    03:16:37.0391 0x04e4  IpFilterDriver - ok
    03:16:37.0438 0x04e4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
    03:16:37.0438 0x04e4  iphlpsvc - ok
    03:16:37.0454 0x04e4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
    03:16:37.0454 0x04e4  IPMIDRV - ok
    03:16:37.0454 0x04e4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
    03:16:37.0454 0x04e4  IPNAT - ok
    03:16:37.0485 0x04e4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
    03:16:37.0485 0x04e4  IRENUM - ok
    03:16:37.0500 0x04e4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
    03:16:37.0500 0x04e4  isapnp - ok
    03:16:37.0516 0x04e4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
    03:16:37.0532 0x04e4  iScsiPrt - ok
    03:16:37.0532 0x04e4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
    03:16:37.0532 0x04e4  kbdclass - ok
    03:16:37.0532 0x04e4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
    03:16:37.0532 0x04e4  kbdhid - ok
    03:16:37.0563 0x04e4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
    03:16:37.0563 0x04e4  KeyIso - ok
    03:16:37.0578 0x04e4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
    03:16:37.0578 0x04e4  KSecDD - ok
    03:16:37.0625 0x04e4  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
    03:16:37.0641 0x04e4  KSecPkg - ok
    03:16:37.0641 0x04e4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
    03:16:37.0641 0x04e4  ksthunk - ok
    03:16:37.0672 0x04e4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
    03:16:37.0672 0x04e4  KtmRm - ok
    03:16:37.0703 0x04e4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
    03:16:37.0703 0x04e4  LanmanServer - ok
    03:16:37.0734 0x04e4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    03:16:37.0734 0x04e4  LanmanWorkstation - ok
    03:16:37.0781 0x04e4  [ 6BCEE9C766815BFFF89DE7D81AF34CE1, E10B9EFAF5D1E6596CFC7E3C9D5C3904EC8E82B16133B59BBC636F5E4D0AEB7F ] Live Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    03:16:37.0781 0x04e4  Live Updater Service - ok
    03:16:37.0781 0x04e4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
    03:16:37.0781 0x04e4  lltdio - ok
    03:16:37.0812 0x04e4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
    03:16:37.0828 0x04e4  lltdsvc - ok
    03:16:37.0828 0x04e4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
    03:16:37.0844 0x04e4  lmhosts - ok
    03:16:37.0859 0x04e4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
    03:16:37.0859 0x04e4  LSI_FC - ok
    03:16:37.0875 0x04e4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
    03:16:37.0875 0x04e4  LSI_SAS - ok
    03:16:37.0875 0x04e4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
    03:16:37.0875 0x04e4  LSI_SAS2 - ok
    03:16:37.0890 0x04e4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
    03:16:37.0890 0x04e4  LSI_SCSI - ok
    03:16:37.0890 0x04e4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
    03:16:37.0906 0x04e4  luafv - ok
    03:16:37.0906 0x04e4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
    03:16:37.0906 0x04e4  Mcx2Svc - ok
    03:16:37.0922 0x04e4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
    03:16:37.0922 0x04e4  megasas - ok
    03:16:37.0937 0x04e4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
    03:16:37.0937 0x04e4  MegaSR - ok
    03:16:38.0062 0x04e4  Microsoft SharePoint Workspace Audit Service - ok
    03:16:38.0078 0x04e4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
    03:16:38.0078 0x04e4  MMCSS - ok
    03:16:38.0078 0x04e4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
    03:16:38.0078 0x04e4  Modem - ok
    03:16:38.0093 0x04e4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
    03:16:38.0093 0x04e4  monitor - ok
    03:16:38.0093 0x04e4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
    03:16:38.0093 0x04e4  mouclass - ok
    03:16:38.0093 0x04e4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
    03:16:38.0093 0x04e4  mouhid - ok
    03:16:38.0109 0x04e4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
    03:16:38.0109 0x04e4  mountmgr - ok
    03:16:38.0109 0x04e4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
    03:16:38.0124 0x04e4  mpio - ok
    03:16:38.0124 0x04e4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
    03:16:38.0124 0x04e4  mpsdrv - ok
    03:16:38.0156 0x04e4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
    03:16:38.0171 0x04e4  MpsSvc - ok
    03:16:38.0218 0x04e4  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
    03:16:38.0218 0x04e4  MRxDAV - ok
    03:16:38.0249 0x04e4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
    03:16:38.0249 0x04e4  mrxsmb - ok
    03:16:38.0265 0x04e4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
    03:16:38.0265 0x04e4  mrxsmb10 - ok
    03:16:38.0280 0x04e4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
    03:16:38.0280 0x04e4  mrxsmb20 - ok
    03:16:38.0296 0x04e4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
    03:16:38.0296 0x04e4  msahci - ok
    03:16:38.0312 0x04e4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
    03:16:38.0312 0x04e4  msdsm - ok
    03:16:38.0327 0x04e4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
    03:16:38.0327 0x04e4  MSDTC - ok
    03:16:38.0343 0x04e4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
    03:16:38.0343 0x04e4  Msfs - ok
    03:16:38.0343 0x04e4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
    03:16:38.0358 0x04e4  mshidkmdf - ok
    03:16:43.0335 0x04e4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
    03:16:43.0350 0x04e4  upnphost - ok
    03:16:43.0382 0x04e4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
    03:16:43.0382 0x04e4  usbccgp - ok
    03:16:43.0413 0x04e4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
    03:16:43.0413 0x04e4  usbcir - ok
    03:16:43.0444 0x04e4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
    03:16:43.0444 0x04e4  usbehci - ok
    03:16:43.0475 0x04e4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
    03:16:43.0475 0x04e4  usbhub - ok
    03:16:43.0506 0x04e4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
    03:16:43.0506 0x04e4  usbohci - ok
    03:16:43.0522 0x04e4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
    03:16:43.0522 0x04e4  usbprint - ok
    03:16:43.0538 0x04e4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
    03:16:43.0538 0x04e4  usbscan - ok
    03:16:43.0553 0x04e4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
    03:16:43.0553 0x04e4  USBSTOR - ok
    03:16:43.0584 0x04e4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
    03:16:43.0584 0x04e4  usbuhci - ok
    03:16:43.0616 0x04e4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
    03:16:43.0616 0x04e4  UxSms - ok
    03:16:43.0631 0x04e4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
    03:16:43.0631 0x04e4  VaultSvc - ok
    03:16:43.0662 0x04e4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
    03:16:43.0662 0x04e4  vdrvroot - ok
    03:16:43.0678 0x04e4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
    03:16:43.0678 0x04e4  vds - ok
    03:16:43.0694 0x04e4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
    03:16:43.0694 0x04e4  vga - ok
    03:16:43.0694 0x04e4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
    03:16:43.0694 0x04e4  VgaSave - ok
    03:16:43.0709 0x04e4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
    03:16:43.0709 0x04e4  vhdmp - ok
    03:16:43.0740 0x04e4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
    03:16:43.0740 0x04e4  viaide - ok
    03:16:43.0740 0x04e4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
    03:16:43.0740 0x04e4  volmgr - ok
    03:16:43.0756 0x04e4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
    03:16:43.0756 0x04e4  volmgrx - ok
    03:16:43.0787 0x04e4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
    03:16:43.0803 0x04e4  volsnap - ok
    03:16:43.0818 0x04e4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
    03:16:43.0818 0x04e4  vsmraid - ok
    03:16:43.0881 0x04e4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
    03:16:43.0896 0x04e4  VSS - ok
    03:16:44.0037 0x04e4  [ C22E26DEDA8CDDCD45B5E0751CD9ABCC, B913266BCB85F1C67AD5A44A53F4DAF4026D46B058EE6174FEC355FF2EA0F338 ] vToolbarUpdater18.1.9 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    03:16:44.0068 0x04e4  vToolbarUpdater18.1.9 - ok
    03:16:44.0084 0x04e4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
    03:16:44.0084 0x04e4  vwifibus - ok
    03:16:44.0084 0x04e4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
    03:16:44.0099 0x04e4  W32Time - ok
    03:16:44.0099 0x04e4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
    03:16:44.0099 0x04e4  WacomPen - ok
    03:16:44.0115 0x04e4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
    03:16:44.0115 0x04e4  WANARP - ok
    03:16:44.0115 0x04e4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
    03:16:44.0115 0x04e4  Wanarpv6 - ok
    03:16:44.0177 0x04e4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
    03:16:44.0193 0x04e4  WatAdminSvc - ok
    03:16:44.0255 0x04e4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
    03:16:44.0271 0x04e4  wbengine - ok
    03:16:44.0286 0x04e4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
    03:16:44.0286 0x04e4  WbioSrvc - ok
    03:16:44.0302 0x04e4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
    03:16:44.0302 0x04e4  wcncsvc - ok
    03:16:44.0318 0x04e4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    03:16:44.0318 0x04e4  WcsPlugInService - ok
    03:16:44.0318 0x04e4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
    03:16:44.0318 0x04e4  Wd - ok
    03:16:44.0380 0x04e4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
    03:16:44.0380 0x04e4  Wdf01000 - ok
    03:16:44.0396 0x04e4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
    03:16:44.0396 0x04e4  WdiServiceHost - ok
    03:16:44.0396 0x04e4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
    03:16:44.0396 0x04e4  WdiSystemHost - ok
    03:16:44.0442 0x04e4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
    03:16:44.0458 0x04e4  WebClient - ok
    03:16:44.0474 0x04e4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
    03:16:44.0489 0x04e4  Wecsvc - ok
    03:16:44.0489 0x04e4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
    03:16:44.0489 0x04e4  wercplsupport - ok
    03:16:44.0505 0x04e4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
    03:16:44.0505 0x04e4  WerSvc - ok
    03:16:44.0505 0x04e4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
    03:16:44.0505 0x04e4  WfpLwf - ok
    03:16:44.0520 0x04e4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
    03:16:44.0520 0x04e4  WIMMount - ok
    03:16:44.0567 0x04e4  WinDefend - ok
    03:16:44.0567 0x04e4  WinHttpAutoProxySvc - ok
    03:16:44.0598 0x04e4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
    03:16:44.0598 0x04e4  Winmgmt - ok
    03:16:44.0692 0x04e4  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
    03:16:44.0723 0x04e4  WinRM - ok
    03:16:44.0770 0x04e4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
    03:16:44.0770 0x04e4  WinUSB - ok
    03:16:44.0817 0x04e4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
    03:16:44.0832 0x04e4  Wlansvc - ok
    03:16:44.0864 0x04e4  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    03:16:44.0864 0x04e4  wlcrasvc - ok
    03:16:44.0926 0x04e4  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    03:16:44.0973 0x04e4  wlidsvc - ok
    03:16:44.0988 0x04e4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
    03:16:44.0988 0x04e4  WmiAcpi - ok
    03:16:45.0004 0x04e4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
    03:16:45.0020 0x04e4  wmiApSrv - ok
    03:16:45.0035 0x04e4  WMPNetworkSvc - ok
    03:16:45.0035 0x04e4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
    03:16:45.0035 0x04e4  WPCSvc - ok
    03:16:45.0051 0x04e4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
    03:16:45.0051 0x04e4  WPDBusEnum - ok
    03:16:45.0066 0x04e4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
    03:16:45.0066 0x04e4  ws2ifsl - ok
    03:16:45.0066 0x04e4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
    03:16:45.0082 0x04e4  wscsvc - ok
    03:16:45.0082 0x04e4  WSearch - ok
    03:16:45.0176 0x04e4  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
    03:16:45.0222 0x04e4  wuauserv - ok
    03:16:45.0254 0x04e4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
    03:16:45.0254 0x04e4  WudfPf - ok
    03:16:45.0285 0x04e4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
    03:16:45.0285 0x04e4  WUDFRd - ok
    03:16:45.0300 0x04e4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
    03:16:45.0300 0x04e4  wudfsvc - ok
    03:16:45.0332 0x04e4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
    03:16:45.0332 0x04e4  WwanSvc - ok
    03:16:45.0347 0x04e4  ================ Scan global ===============================
    03:16:45.0378 0x04e4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    03:16:45.0394 0x04e4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    03:16:45.0410 0x04e4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    03:16:45.0441 0x04e4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    03:16:45.0456 0x04e4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    03:16:45.0456 0x04e4  [ Global ] - ok
    03:16:45.0456 0x04e4  ================ Scan MBR ==================================
    03:16:45.0472 0x04e4  [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
    03:16:47.0266 0x04e4  \Device\Harddisk0\DR0 - ok
    03:16:47.0266 0x04e4  ================ Scan VBR ==================================
    03:16:47.0282 0x04e4  [ 4831DB8892BB992461AFFE3A7B8AE636 ] \Device\Harddisk0\DR0\Partition1
    03:16:47.0282 0x04e4  \Device\Harddisk0\DR0\Partition1 - ok
    03:16:47.0282 0x04e4  [ 8C06189B544798AB8AF4261D2A7247BE ] \Device\Harddisk0\DR0\Partition2
    03:16:47.0282 0x04e4  \Device\Harddisk0\DR0\Partition2 - ok
    03:16:47.0282 0x04e4  ================ Scan generic autorun ======================
    03:16:47.0547 0x04e4  [ 96922E3892E299FED3F2B82FD5DDB99F, 0F01DAC0F6B026653DE220494347212441B50340B7A8068A709BF6953D799B57 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    03:16:47.0703 0x04e4  RtHDVCpl - ok
    03:16:47.0750 0x04e4  [ 452FA961163EF4AEE4815796A13AB2CF, 14DC422082F96F5C21C41A5E5F6E8445547CC4B02B18F0A86A34669CA2CE18A7 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    03:16:47.0750 0x04e4  Adobe Reader Speed Launcher - ok
    03:16:47.0796 0x04e4  [ 2EA4B2BC3260CF3D20F6A164B362F6D4, 04E9262329F7B326468B6E57502CBD600B6BFF578E63242404FF612C1DBD08DE ] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    03:16:47.0812 0x04e4  Hotkey Utility - ok
    03:16:47.0968 0x04e4  [ 371BA71B566260932DCCCF843BF6C7E7, 3F34769DD1EA9C6CBAA3DC099B2512E4D5B888A6B76A568BB79ED08452C7EA17 ] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    03:16:47.0999 0x04e4  AVG_TRAY - ok
    03:16:48.0062 0x04e4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    03:16:48.0077 0x04e4  Sidebar - ok
    03:16:48.0108 0x04e4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
    03:16:48.0108 0x04e4  mctadmin - ok
    03:16:48.0140 0x04e4  [ 6E9DBF6B982AEA2EC6614F0B81AB2846, BEBD1E26E3C2810B19A71446A2CC5B9BD9436E802DD8CD0432DFC35BFF248593 ] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe
    03:16:48.0140 0x04e4  ScrSav - ok
    03:16:48.0155 0x04e4  AV detected via SS2: AVG Anti-Virus Free Edition 2012, C:\Program Files (x86)\AVG\AVG2012\avgwsc.exe ( 12.0.0.2222 ), 0x40000 ( disabled : updated )
    03:16:48.0155 0x04e4  Win FW state via NFP2: enabled
    03:16:48.0155 0x04e4  ============================================================
    03:16:48.0155 0x04e4  Scan finished
    03:16:48.0155 0x04e4  ============================================================
    03:16:48.0155 0x0544  Detected object count: 0
    03:16:48.0155 0x0544  Actual detected object count: 0
    03:18:10.0492 0x063c  Deinitialize success

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
    Ran by Thackers (administrator) on THACKERS-PC on 08-02-2015 03:24:56
    Running from C:\Users\Thackers\Desktop
    Loaded Profiles: Thackers (Available profiles: Thackers & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
    HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-29] ()
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
    BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....fr&d=2013-11-04 22:58:56&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
    FF Plugin HKU\S-1-5-21-1853160511-3213668173-3947774843-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Thackers\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
    FF Plugin HKU\S-1-5-21-1853160511-3213668173-3947774843-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Thackers\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
    FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2011-11-11]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
    FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-06]
    FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
    FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-05-15]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
    CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
    S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
    S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-10-23] (Sony Corporation) [File not signed]
    S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
    U3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U3 aswMBR; \??\C:\Users\Thackers\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\Thackers\AppData\Local\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 03:24 - 2015-02-08 03:25 - 00012523 _____ () C:\Users\Thackers\Desktop\FRST.txt
    2015-02-08 03:24 - 2015-02-08 03:24 - 00000000 ____D () C:\FRST
    2015-02-08 03:23 - 2015-02-07 12:56 - 02132992 _____ (Farbar) C:\Users\Thackers\Desktop\FRST64.exe
    2015-02-08 03:07 - 2015-02-07 12:53 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Thackers\Desktop\tdsskiller.exe
    2015-02-08 02:22 - 2015-02-08 02:22 - 00021976 _____ () C:\ComboFix.txt
    2015-02-08 01:29 - 2015-02-08 02:22 - 00000000 ____D () C:\Qoobox
    2015-02-08 01:29 - 2015-02-08 02:21 - 00000000 ____D () C:\Windows\erdnt
    2015-02-08 01:29 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-08 01:29 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-08 01:29 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-08 01:26 - 2015-02-07 12:51 - 05611380 ____R (Swearware) C:\Users\Thackers\Desktop\ComboFix.exe
    2015-02-08 01:08 - 2015-02-08 01:08 - 00001616 _____ () C:\Users\Thackers\Desktop\aswMBR2.txt
    2015-02-07 17:17 - 2015-02-07 12:50 - 05200384 _____ (AVAST Software) C:\Users\Thackers\Desktop\aswmbr.exe
    2015-02-03 22:54 - 2015-02-04 12:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-03 22:53 - 2015-02-03 22:53 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-03 22:53 - 2015-02-03 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-03 22:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-03 22:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-03 22:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-03 22:52 - 2015-02-03 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-03 22:52 - 2015-02-03 22:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-03 15:20 - 2015-02-03 15:20 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\TuneUp Software
    2015-02-03 15:02 - 2015-02-03 15:02 - 00008554 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.HTML
    2015-02-03 15:02 - 2015-02-03 15:02 - 00008554 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.HTML
    2015-02-03 15:02 - 2015-02-03 15:02 - 00004220 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.TXT
    2015-02-03 15:02 - 2015-02-03 15:02 - 00004220 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.TXT
    2015-02-03 15:02 - 2015-02-03 15:02 - 00000276 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.URL
    2015-02-03 15:02 - 2015-02-03 15:02 - 00000276 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.URL
    2015-02-03 14:51 - 2015-02-03 14:51 - 00008554 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML
    2015-02-03 14:51 - 2015-02-03 14:51 - 00008554 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.HTML
    2015-02-03 14:51 - 2015-02-03 14:51 - 00004220 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.TXT
    2015-02-03 14:51 - 2015-02-03 14:51 - 00004220 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.TXT
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000276 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000276 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.URL
    2015-02-03 14:40 - 2015-02-03 14:40 - 00008554 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 00008554 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 00004220 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 00004220 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 00000276 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL
    2015-02-03 14:40 - 2015-02-03 14:40 - 00000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
    2015-01-24 15:53 - 2015-01-24 15:53 - 00000680 _____ () C:\ProgramData\@system.temp
    2015-01-24 15:53 - 2015-01-24 15:53 - 00000480 ____H () C:\Users\Thackers\AppData\Roaming\麽鎒駓覜
    2015-01-24 15:52 - 2015-02-03 15:08 - 00000000 ____D () C:\a8157522
    2015-01-24 15:52 - 2015-02-03 14:37 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\FrameworkUpdate
    2015-01-24 15:52 - 2015-01-24 15:53 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2015-01-24 15:51 - 2015-02-03 15:07 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
    2015-01-23 09:29 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-23 09:29 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-23 09:29 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-23 09:29 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-23 09:29 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-23 09:29 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-23 09:29 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-22 13:28 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-20 12:17 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-20 12:17 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-20 12:17 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-20 12:17 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-20 12:16 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-10 14:37 - 2015-01-10 14:37 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\RevTrax

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 03:07 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-08 02:22 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2015-02-08 02:20 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-07 20:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-07 20:25 - 2009-07-13 23:51 - 00083702 _____ () C:\Windows\setupact.log
    2015-02-07 20:25 - 2009-07-07 03:23 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-07 20:23 - 2009-07-07 03:24 - 01397871 _____ () C:\Windows\WindowsUpdate.log
    2015-02-07 19:47 - 2012-12-28 20:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-07 19:05 - 2009-07-13 23:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-07 19:05 - 2009-07-13 23:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-07 17:22 - 2011-11-11 10:46 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
    2015-02-04 17:31 - 2011-11-26 19:02 - 00000000 ____D () C:\Users\Thackers\AppData\Local\CrashDumps
    2015-02-04 17:18 - 2010-11-20 22:47 - 00274742 _____ () C:\Windows\PFRO.log
    2015-02-04 16:51 - 2012-12-28 20:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 16:50 - 2012-12-28 20:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-04 16:50 - 2012-01-20 22:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-04 11:37 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
    2015-02-03 15:08 - 2011-11-11 10:46 - 00000000 ____D () C:\ProgramData\AVG2012
    2015-02-03 15:02 - 2011-11-20 14:26 - 00000000 ____D () C:\Users\Thackers\Documents\USO
    2015-02-03 14:52 - 2011-11-20 14:26 - 00000000 ____D () C:\Users\Thackers\Documents\Bob
    2015-02-03 14:51 - 2011-11-11 10:31 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    2015-02-03 14:40 - 2013-09-09 21:34 - 00000000 ____D () C:\Users\Thackers\AppData\Local\AVG SafeGuard toolbar
    2015-02-03 14:40 - 2013-01-27 14:31 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Sony Corporation
    2015-02-03 14:40 - 2011-11-11 10:56 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Microsoft Games
    2015-02-03 14:40 - 2011-11-11 10:16 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\Adobe
    2015-02-03 14:40 - 2011-11-11 10:16 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Adobe
    2015-02-03 14:39 - 2013-09-09 21:34 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
    2015-01-24 15:54 - 2012-05-15 19:20 - 00000000 ____D () C:\$AVG
    2015-01-22 14:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-20 12:36 - 2013-08-16 22:16 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-20 12:22 - 2012-11-23 15:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-10 14:19 - 2011-11-11 10:16 - 00089592 _____ () C:\Users\Thackers\AppData\Local\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2015-02-03 14:51 - 2015-02-03 14:51 - 0008554 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML
    2015-02-03 14:51 - 2015-02-03 14:51 - 0045774 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.PNG
    2015-02-03 14:51 - 2015-02-03 14:51 - 0004220 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.TXT
    2015-02-03 14:51 - 2015-02-03 14:51 - 0000276 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL
    2015-01-24 15:53 - 2015-01-24 15:53 - 0000480 ____H () C:\Users\Thackers\AppData\Roaming\麽鎒駓覜
    2015-02-03 14:40 - 2015-02-03 14:40 - 0008554 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 0045774 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.PNG
    2015-02-03 14:40 - 2015-02-03 14:40 - 0004220 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 0000276 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL
    2015-01-24 15:53 - 2015-01-24 15:53 - 0000680 _____ () C:\ProgramData\@system.temp
    2015-02-03 14:40 - 2015-02-03 14:40 - 0008554 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 0045774 _____ () C:\ProgramData\HELP_DECRYPT.PNG
    2015-02-03 14:40 - 2015-02-03 14:40 - 0004220 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 0000276 _____ () C:\ProgramData\HELP_DECRYPT.URL

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2011-03-31 03:59

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
    Ran by Thackers at 2015-02-08 03:25:19
    Running from C:\Users\Thackers\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AS: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2249 - AVG Technologies)
    AVG 2012 (Version: 12.0.4257 - AVG Technologies) Hidden
    AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
    AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
    Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
    eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)
    eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
    NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    Reader for PC (HKLM-x32\...\{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}) (Version: 2.0.01.11080 - Sony Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
    RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.11656 - TeamViewer GmbH)
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
    Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No File Path

    ==================== Restore Points  =========================

    Check "winmgmt" service or repair WMI.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-02-08 02:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0CC30E12-DE7E-4CD8-B035-B2944840A510} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {1CFA157E-EDB3-4B0B-AB78-E2FF2BDDCF91} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1853160511-3213668173-3947774843-1000
    Task: {492E73E7-EE00-4FA3-9E24-16E06D96DF50} - System32\Tasks\eMachines Registration - Reminder Recall task => C:\Program Files (x86)\eMachines\Registration\GREG.exe
    Task: {D0ED809B-7544-4B2B-9438-24CE257EA5FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {E1D13BB9-5632-48F9-B90C-5EDC3C42D73B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

    ==================== Loaded Modules (whitelisted) ==============

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thackers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1853160511-3213668173-3947774843-500 - Administrator - Disabled)
    Guest (S-1-5-21-1853160511-3213668173-3947774843-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1853160511-3213668173-3947774843-1002 - Limited - Enabled)
    Thackers (S-1-5-21-1853160511-3213668173-3947774843-1000 - Administrator - Enabled) => C:\Users\Thackers
    UpdatusUser (S-1-5-21-1853160511-3213668173-3947774843-1003 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/08/2015 03:25:19 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
    .

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 03:25:19 AM) (Source: VSS) (EventID: 18) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 01:29:47 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

    Error: (02/08/2015 01:29:47 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
    .

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 01:29:47 AM) (Source: VSS) (EventID: 18) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]

    Operation:
       Instantiating VSS server

    Error: (02/07/2015 08:30:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 08:27:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 06:56:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 05:13:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    System errors:
    =============
    Error: (02/08/2015 03:24:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:18:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:07:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:04:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:04:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:01:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 02:22:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 02:22:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 02:22:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 02:22:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Microsoft Office Sessions:
    =========================
    Error: (02/08/2015 03:25:19 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 03:25:19 AM) (Source: VSS) (EventID: 18) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 01:29:47 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

    Error: (02/08/2015 01:29:47 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 01:29:47 AM) (Source: VSS) (EventID: 18) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

    Operation:
       Instantiating VSS server

    Error: (02/07/2015 08:30:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 08:27:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 06:56:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 06:47:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 05:13:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    CodeIntegrity Errors:
    ===================================
      Date: 2015-02-08 02:12:00.776
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-02-08 02:12:00.604
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X2 260 Processor
    Percentage of memory in use: 51%
    Total physical RAM: 3839.37 MB
    Available physical RAM: 1848.43 MB
    Total Pagefile: 7676.92 MB
    Available Pagefile: 6374.58 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:448.08 GB) (Free:387.42 GB) NTFS
    Drive f: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 35D5C1F3)
    Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 1.9 GB) (Disk ID: C7C00102)
    Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)

    ==================== End Of Log ============================


     


    • 0

    #4
    RKinner

      Malware Expert

    • Expert
    • 19,999 posts
    • MVP

    This is the first time I have seen a Poweliks infection.  That's also probably the first time aswMBR has ever seen one too, which is why it took so long.

    Follow the guide here and run the ESET Poweliks removal tool.

    http://www.bleepingc...poweliks-trojan

    Then run a new FRST fix with the attached Fixlist.txt as before when it is done.  If we remove them first then ESET's tool might not know to run.  (It still might say it doesn't see the infection since Combofix took out most of it but I want to be sure it's all gone.)   It appears that the infection was actually started here:

     

    2015-01-24 15:53 - 2015-01-24 15:53 - 00000680 _____ () C:\ProgramData\@system.temp
    2015-01-24 15:53 - 2015-01-24 15:53 - 00000480 ____H () C:\Users\Thackers\AppData\Roaming\麽鎒駓覜
    2015-01-24 15:52 - 2015-02-03 15:08 - 00000000 ____D () C:\a8157522
    2015-01-24 15:52 - 2015-02-03 14:37 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\FrameworkUpdate
    2015-01-24 15:52 - 2015-01-24 15:53 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2015-01-24 15:51 - 2015-02-03 15:07 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}

     

    Then it hid and started encrypting files until it alerted the user here:

     

    2015-02-03 15:02 - 2015-02-03 15:02 - 00008554 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.HTML

    2015-02-03 15:02 - 2015-02-03 15:02 - 00008554 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.HTML
    2015-02-03 15:02 - 2015-02-03 15:02 - 00004220 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.TXT
    2015-02-03 15:02 - 2015-02-03 15:02 - 00004220 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.TXT
    2015-02-03 15:02 - 2015-02-03 15:02 - 00000276 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.URL
    2015-02-03 15:02 - 2015-02-03 15:02 - 00000276 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.URL
    2015-02-03 14:51 - 2015-02-03 14:51 - 00008554 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML
    2015-02-03 14:51 - 2015-02-03 14:51 - 00008554 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.HTML
    2015-02-03 14:51 - 2015-02-03 14:51 - 00004220 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.TXT
    2015-02-03 14:51 - 2015-02-03 14:51 - 00004220 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.TXT
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000276 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000276 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.URL
    2015-02-03 14:40 - 2015-02-03 14:40 - 00008554 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 00008554 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 00004220 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 00004220 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 00000276 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL
    2015-02-03 14:40 - 2015-02-03 14:40 - 00000276 _____ () C:\ProgramData\HELP_DECRYPT.URL

     

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     


    • 0
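The timeline reading in post #4 can be reproduced from the FRST file listing itself. The following is an added example, not part of the original thread and not FRST's or the poster's own logic: it parses FRST "created - modified - size attributes (company) path" lines, finds files with the same name and size dropped into several directories (the ransom-note pattern), and then looks for earlier unsigned items that were touched again on the note day. The function names and the thresholds (`min_dirs`, `window_minutes`) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Sample lines copied from the FRST listings quoted in this thread, including
# three benign entries from the same scan so the filters have something to reject.
SAMPLE = r"""
2015-01-24 15:53 - 2015-01-24 15:53 - 00000680 _____ () C:\ProgramData\@system.temp
2015-01-24 15:52 - 2015-02-03 15:08 - 00000000 ____D () C:\a8157522
2015-01-24 15:52 - 2015-02-03 14:37 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\FrameworkUpdate
2015-01-24 15:51 - 2015-02-03 15:07 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2015-02-03 15:02 - 2015-02-03 15:02 - 00008554 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.HTML
2015-02-03 15:02 - 2015-02-03 15:02 - 00008554 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.HTML
2015-02-03 14:51 - 2015-02-03 14:51 - 00008554 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-03 14:40 - 2015-02-03 14:40 - 00008554 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-03 14:40 - 2015-02-03 14:40 - 00004220 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-03 15:02 - 2015-02-03 15:02 - 00004220 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.TXT
2015-02-03 22:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-23 09:29 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-10 14:37 - 2015-01-10 14:37 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\RevTrax
"""

class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str

LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([A-Z_]+) \((.*?)\) (\S.*?)\s*$"
)
FMT = "%Y-%m-%d %H:%M"

def parse_frst_files(text):
    """Return an Entry for every line in the FRST file-listing layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, blank lines, other parts of the log
        created, modified, size, attrs, company, path = m.groups()
        entries.append(Entry(datetime.strptime(created, FMT),
                             datetime.strptime(modified, FMT),
                             int(size), attrs, company.strip(), path))
    return entries

def split_path(path):
    """Split a Windows path into (folder, file name), both lower-cased."""
    folder, _, name = path.rpartition("\\")
    return folder.lower(), name.lower()

def find_note_drops(entries, min_dirs=3):
    """Files with identical name and size present in at least min_dirs folders."""
    groups = defaultdict(list)
    for e in entries:
        if "D" not in e.attrs:  # skip directories
            groups[(split_path(e.path)[1], e.size)].append(e)
    return {key: group for key, group in groups.items()
            if len({split_path(e.path)[0] for e in group}) >= min_dirs}

def triage(text, min_dirs=3, window_minutes=5):
    """Estimate when the notes appeared and which earlier items relate to them."""
    entries = parse_frst_files(text)
    drops = find_note_drops(entries, min_dirs)
    if not drops:
        return None
    first_note = min(e.created for group in drops.values() for e in group)
    note_names = {name for name, _size in drops}
    # Candidates: no company string, created before the first note.
    candidates = [e for e in entries
                  if not e.company and e.created < first_note
                  and split_path(e.path)[1] not in note_names]
    # Seeds: created on an earlier day but modified again on the note day.
    seeds = [e for e in candidates
             if e.created.date() < first_note.date()
             and e.modified.date() == first_note.date()]
    # Precursors: seeds plus anything created within a few minutes of a seed.
    window = timedelta(minutes=window_minutes)
    precursors = sorted((e for e in candidates
                         if any(abs(e.created - s.created) <= window for s in seeds)),
                        key=lambda e: e.created)
    dwell = first_note - precursors[0].created if precursors else None
    return {"first_note": first_note, "note_names": sorted(note_names),
            "precursors": precursors, "dwell": dwell}

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("first note:", report["first_note"], report["note_names"])
    for e in report["precursors"]:
        print("precursor:", e.created, e.path)
    print("time between first precursor and first note:", report["dwell"])
```

On the sample, the RevTrax folder is rejected because it was neither touched on the note day nor created near an item that was, while `@system.temp` is kept because it was created within a minute of the other items.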

    #5
    anseladams

      Member

    • Topic Starter
    • Member
    • 11 posts

    Poweliks - Uggggh (a pox on anyone who does sh*t like this!!).

    You are correct.  It appears all files have been encrypted/lost; I will go through & delete them later (pics are OK).  Logs below:

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
    Ran by Thackers at 2015-02-08 11:26:23 Run:1
    Running from C:\Users\Thackers\Desktop
    Loaded Profiles: Thackers & UpdatusUser (Available profiles: Thackers & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
    2015-01-24 15:53 - 2015-01-24 15:53 - 00000680 _____ () C:\ProgramData\@system.temp
    2015-01-24 15:53 - 2015-01-24 15:53 - 00000480 ____H () C:\Users\Thackers\AppData\Roaming\麽鎒駓覜
    2015-01-24 15:52 - 2015-02-03 15:08 - 00000000 ____D () C:\a8157522
    2015-01-24 15:52 - 2015-02-03 14:37 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\FrameworkUpdate
    2015-01-24 15:52 - 2015-01-24 15:53 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2015-01-24 15:51 - 2015-02-03 15:07 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
    2015-02-03 15:02 - 2015-02-03 15:02 - 00008554 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.HTML
    2015-02-03 15:02 - 2015-02-03 15:02 - 00008554 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.HTML
    2015-02-03 15:02 - 2015-02-03 15:02 - 00004220 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.TXT
    2015-02-03 15:02 - 2015-02-03 15:02 - 00004220 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.TXT
    2015-02-03 15:02 - 2015-02-03 15:02 - 00000276 _____ () C:\Users\Thackers\Downloads\HELP_DECRYPT.URL
    2015-02-03 15:02 - 2015-02-03 15:02 - 00000276 _____ () C:\Users\Thackers\Documents\HELP_DECRYPT.URL
    2015-02-03 14:51 - 2015-02-03 14:51 - 00008554 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML
    2015-02-03 14:51 - 2015-02-03 14:51 - 00008554 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.HTML
    2015-02-03 14:51 - 2015-02-03 14:51 - 00004220 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.TXT
    2015-02-03 14:51 - 2015-02-03 14:51 - 00004220 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.TXT
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000276 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000276 _____ () C:\Users\Thackers\AppData\HELP_DECRYPT.URL
    2015-02-03 14:40 - 2015-02-03 14:40 - 00008554 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 00008554 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 00004220 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 00004220 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 00000276 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL
    2015-02-03 14:40 - 2015-02-03 14:40 - 00000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
    2015-02-03 14:51 - 2015-02-03 14:51 - 0008554 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML
    2015-02-03 14:51 - 2015-02-03 14:51 - 0045774 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.PNG
    2015-02-03 14:51 - 2015-02-03 14:51 - 0004220 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.TXT
    2015-02-03 14:51 - 2015-02-03 14:51 - 0000276 _____ () C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL
    2015-01-24 15:53 - 2015-01-24 15:53 - 0000480 ____H () C:\Users\Thackers\AppData\Roaming\麽鎒駓覜
    2015-02-03 14:40 - 2015-02-03 14:40 - 0008554 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 0045774 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.PNG
    2015-02-03 14:40 - 2015-02-03 14:40 - 0004220 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 0000276 _____ () C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL
    2015-01-24 15:53 - 2015-01-24 15:53 - 0000680 _____ () C:\ProgramData\@system.temp
    2015-02-03 14:40 - 2015-02-03 14:40 - 0008554 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-02-03 14:40 - 2015-02-03 14:40 - 0045774 _____ () C:\ProgramData\HELP_DECRYPT.PNG
    2015-02-03 14:40 - 2015-02-03 14:40 - 0004220 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-02-03 14:40 - 2015-02-03 14:40 - 0000276 _____ () C:\ProgramData\HELP_DECRYPT.URL

     

    *****************

    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
    C:\ProgramData\@system.temp => Moved successfully.
    C:\Users\Thackers\AppData\Roaming\麽鎒駓覜 => Moved successfully.
    C:\a8157522 => Moved successfully.
    C:\Users\Thackers\AppData\Roaming\FrameworkUpdate => Moved successfully.
    C:\ProgramData\Windows Genuine Advantage => Moved successfully.
    C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} => Moved successfully.
    C:\Users\Thackers\Downloads\HELP_DECRYPT.HTML => Moved successfully.
    C:\Users\Thackers\Documents\HELP_DECRYPT.HTML => Moved successfully.
    C:\Users\Thackers\Downloads\HELP_DECRYPT.TXT => Moved successfully.
    C:\Users\Thackers\Documents\HELP_DECRYPT.TXT => Moved successfully.
    C:\Users\Thackers\Downloads\HELP_DECRYPT.URL => Moved successfully.
    C:\Users\Thackers\Documents\HELP_DECRYPT.URL => Moved successfully.
    C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
    C:\Users\Thackers\AppData\HELP_DECRYPT.HTML => Moved successfully.
    C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
    C:\Users\Thackers\AppData\HELP_DECRYPT.TXT => Moved successfully.
    C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
    C:\Users\Thackers\AppData\HELP_DECRYPT.URL => Moved successfully.
    C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
    "C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
    C:\Users\Thackers\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
    "C:\ProgramData\HELP_DECRYPT.TXT" => File/Directory not found.
    C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
    C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
    "C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
    C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
    "C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
    "C:\Users\Thackers\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
    "C:\Users\Thackers\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
    "C:\Users\Thackers\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
    C:\Users\Thackers\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
    "C:\Users\Thackers\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
    "C:\Users\Thackers\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
    "C:\ProgramData\@system.temp" => File/Directory not found.
    "C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
    C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
    "C:\ProgramData\HELP_DECRYPT.TXT" => File/Directory not found.
    "C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.

    ==== End of Fixlog 11:26:23 ====

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
    Ran by Thackers (administrator) on THACKERS-PC on 08-02-2015 11:27:33
    Running from C:\Users\Thackers\Desktop
    Loaded Profiles: Thackers & UpdatusUser (Available profiles: Thackers & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    (Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
    HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-29] ()
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
    BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....fr&d=2013-11-04 22:58:56&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
    FF Plugin HKU\S-1-5-21-1853160511-3213668173-3947774843-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Thackers\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
    FF Plugin HKU\S-1-5-21-1853160511-3213668173-3947774843-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Thackers\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
    FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2011-11-11]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
    FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-06]
    FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
    FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-05-15]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
    CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
    R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
    R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-10-23] (Sony Corporation) [File not signed]
    R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
    R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 11:27 - 2015-02-08 11:28 - 00013767 _____ () C:\Users\Thackers\Desktop\FRST.txt
    2015-02-08 09:52 - 2015-02-08 09:52 - 00000000 ___HD () C:\Windows\AxInstSV
    2015-02-08 09:40 - 2015-02-08 09:44 - 00014596 _____ () C:\Users\Thackers\Desktop\ESETPoweliksCleaner.exe_20150208.094054.3568.log
    2015-02-08 09:39 - 2015-02-08 09:39 - 00190152 _____ (ESET) C:\Users\Thackers\Desktop\ESETPoweliksCleaner.exe
    2015-02-08 03:24 - 2015-02-08 11:27 - 00000000 ____D () C:\FRST
    2015-02-08 03:23 - 2015-02-07 12:56 - 02132992 _____ (Farbar) C:\Users\Thackers\Desktop\FRST64.exe
    2015-02-08 02:22 - 2015-02-08 02:22 - 00021976 _____ () C:\ComboFix.txt
    2015-02-08 01:29 - 2015-02-08 02:22 - 00000000 ____D () C:\Qoobox
    2015-02-08 01:29 - 2015-02-08 02:21 - 00000000 ____D () C:\Windows\erdnt
    2015-02-08 01:29 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-08 01:29 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-08 01:29 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-08 01:29 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-03 22:54 - 2015-02-08 05:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-03 22:53 - 2015-02-03 22:53 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-03 22:53 - 2015-02-03 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-03 22:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-03 22:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-03 22:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-03 22:52 - 2015-02-03 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-03 22:52 - 2015-02-03 22:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-03 15:20 - 2015-02-03 15:20 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\TuneUp Software
    2015-01-23 09:29 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-23 09:29 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-23 09:29 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-23 09:29 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-23 09:29 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-23 09:29 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-23 09:29 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-22 13:28 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-20 12:17 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-20 12:17 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-20 12:17 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-20 12:17 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-20 12:16 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-10 14:37 - 2015-01-10 14:37 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\RevTrax

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-08 11:24 - 2009-07-13 23:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-08 11:24 - 2009-07-13 23:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-08 11:21 - 2009-07-07 03:24 - 01439141 _____ () C:\Windows\WindowsUpdate.log
    2015-02-08 11:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-08 11:17 - 2009-07-13 23:51 - 00084666 _____ () C:\Windows\setupact.log
    2015-02-08 11:17 - 2009-07-07 03:23 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-08 10:47 - 2012-12-28 20:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-08 10:38 - 2013-09-09 21:34 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
    2015-02-08 10:38 - 2012-05-15 19:20 - 00000000 ____D () C:\$AVG
    2015-02-08 09:49 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-08 03:37 - 2011-11-11 10:46 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
    2015-02-08 03:29 - 2010-11-20 22:47 - 00275282 _____ () C:\Windows\PFRO.log
    2015-02-08 02:22 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2015-02-08 02:20 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-04 17:31 - 2011-11-26 19:02 - 00000000 ____D () C:\Users\Thackers\AppData\Local\CrashDumps
    2015-02-04 16:51 - 2012-12-28 20:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 16:50 - 2012-12-28 20:42 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-04 16:50 - 2012-01-20 22:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-04 11:37 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
    2015-02-03 15:08 - 2011-11-11 10:46 - 00000000 ____D () C:\ProgramData\AVG2012
    2015-02-03 15:02 - 2011-11-20 14:26 - 00000000 ____D () C:\Users\Thackers\Documents\USO
    2015-02-03 14:52 - 2011-11-20 14:26 - 00000000 ____D () C:\Users\Thackers\Documents\Bob
    2015-02-03 14:51 - 2011-11-11 10:31 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    2015-02-03 14:40 - 2013-09-09 21:34 - 00000000 ____D () C:\Users\Thackers\AppData\Local\AVG SafeGuard toolbar
    2015-02-03 14:40 - 2013-01-27 14:31 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Sony Corporation
    2015-02-03 14:40 - 2011-11-11 10:56 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Microsoft Games
    2015-02-03 14:40 - 2011-11-11 10:16 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\Adobe
    2015-02-03 14:40 - 2011-11-11 10:16 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Adobe
    2015-01-22 14:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-20 12:36 - 2013-08-16 22:16 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-20 12:22 - 2012-11-23 15:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-10 14:19 - 2011-11-11 10:16 - 00089592 _____ () C:\Users\Thackers\AppData\Local\GDIPFONTCACHEV1.DAT

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2011-03-31 03:59

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
    Ran by Thackers at 2015-02-08 11:28:49
    Running from C:\Users\Thackers\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AS: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2249 - AVG Technologies)
    AVG 2012 (Version: 12.0.4257 - AVG Technologies) Hidden
    AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
    AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
    Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
    eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)
    eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
    NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    Reader for PC (HKLM-x32\...\{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}) (Version: 2.0.01.11080 - Sony Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
    RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.11656 - TeamViewer GmbH)
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
    Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    09-12-2014 18:43:22 Windows Update
    19-12-2014 12:30:35 Windows Update
    20-12-2014 15:25:05 Windows Update
    10-01-2015 14:37:04 Installed RevTraxPrintMyCoupon
    20-01-2015 12:21:20 Windows Update
    23-01-2015 02:21:39 Windows Update
    23-01-2015 12:52:47 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-02-08 02:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0CC30E12-DE7E-4CD8-B035-B2944840A510} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {1CFA157E-EDB3-4B0B-AB78-E2FF2BDDCF91} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1853160511-3213668173-3947774843-1000
    Task: {492E73E7-EE00-4FA3-9E24-16E06D96DF50} - System32\Tasks\eMachines Registration - Reminder Recall task => C:\Program Files (x86)\eMachines\Registration\GREG.exe
    Task: {D0ED809B-7544-4B2B-9438-24CE257EA5FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {E1D13BB9-5632-48F9-B90C-5EDC3C42D73B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-04-12 23:24 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2009-08-10 18:01 - 2009-08-10 18:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    2009-08-10 18:00 - 2009-08-10 18:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
    2009-08-10 18:01 - 2009-08-10 18:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
    2009-08-10 18:01 - 2009-08-10 18:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    2014-08-12 10:01 - 2014-08-12 10:00 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    2011-01-18 20:08 - 2011-01-18 20:08 - 00620136 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    2013-09-09 21:33 - 2014-08-29 16:00 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    2014-08-12 10:01 - 2014-08-12 10:00 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
    2011-01-18 20:08 - 2011-01-18 20:08 - 00151656 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
    2012-11-08 10:54 - 2012-11-08 10:54 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00039816 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00239496 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00026504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
    2012-10-23 21:58 - 2012-10-23 21:58 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00124808 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00015752 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00024456 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00016776 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00014728 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
    2012-11-08 10:56 - 2012-11-08 10:56 - 00034184 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00018312 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00092040 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00149384 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
    2012-11-08 10:56 - 2012-11-08 10:56 - 00178056 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thackers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1853160511-3213668173-3947774843-500 - Administrator - Disabled)
    Guest (S-1-5-21-1853160511-3213668173-3947774843-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1853160511-3213668173-3947774843-1002 - Limited - Enabled)
    Thackers (S-1-5-21-1853160511-3213668173-3947774843-1000 - Administrator - Enabled) => C:\Users\Thackers
    UpdatusUser (S-1-5-21-1853160511-3213668173-3947774843-1003 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/08/2015 11:18:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/08/2015 09:47:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/08/2015 03:30:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/08/2015 03:25:19 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
    .

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 03:25:19 AM) (Source: VSS) (EventID: 18) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 01:29:47 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

    Error: (02/08/2015 01:29:47 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
    .

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 01:29:47 AM) (Source: VSS) (EventID: 18) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]

    Operation:
       Instantiating VSS server

    Error: (02/07/2015 08:30:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 08:27:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    System errors:
    =============
    Error: (02/08/2015 03:30:38 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (02/08/2015 03:24:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:18:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:07:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:04:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:04:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 03:01:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 02:22:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 02:22:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (02/08/2015 02:22:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Microsoft Office Sessions:
    =========================
    Error: (02/08/2015 11:18:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/08/2015 09:47:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/08/2015 03:30:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/08/2015 03:25:19 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 03:25:19 AM) (Source: VSS) (EventID: 18) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 01:29:47 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

    Error: (02/08/2015 01:29:47 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

    Operation:
       Instantiating VSS server

    Error: (02/08/2015 01:29:47 AM) (Source: VSS) (EventID: 18) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

    Operation:
       Instantiating VSS server

    Error: (02/07/2015 08:30:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/07/2015 08:27:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    CodeIntegrity Errors:
    ===================================
      Date: 2015-02-08 02:12:00.776
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-02-08 02:12:00.604
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X2 260 Processor
    Percentage of memory in use: 30%
    Total physical RAM: 3839.37 MB
    Available physical RAM: 2668.89 MB
    Total Pagefile: 7676.92 MB
    Available Pagefile: 6314.64 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:448.08 GB) (Free:387.15 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 35D5C1F3)
    Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #6
    anseladams


    Quick question.  Two (2) files below are on the desktop.  When attempting to delete, a Windows pop-up says if deleted the program may not run successfully.  OK to delete or not?

    [.ShellClassInfo]
    [email protected]%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183
    [LocalizedFileNames]
    Internet [email protected]%windir%\System32\ie4uinit.exe,-734
    [email protected]%SystemRoot%\system32\gameux.dll,-10056
    [email protected]%SystemRoot%\system32\shell32.dll,-22019
     

    [.ShellClassInfo]
    [email protected]%SystemRoot%\system32\shell32.dll,-21799
     



    #7
    RKinner


      Malware Expert


    Leave the files.  They look like desktop.ini.  Normally you won't see these but they are visible because we have run OTL.  They will go back to hiding once we clean up.  It looks like ESET ran OK.  Did it act like it found anything?

     

    Let's see if there is any damage:

     

     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Right-click VEW.exe and Run as Administrator
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
       Type 20 in the 1 to 20 box
       Then click the Run button.
       Notepad will open with the output log.

    Please post the Output log in your next reply then repeat but select Application.
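
The `findstr` step above keeps only the `[SR]` lines that System File Checker writes to cbs.log. As an added example (not part of any post in this thread), the Python below triages such lines into files SFC reported it could not repair and files it repaired from the store; the log excerpt is constructed and the function names are illustrative.

```python
import re

# Constructed excerpt in the CBS.log line layout; the file and component
# names are illustrative and do not come from the thread.
SAMPLE_CBS_LOG = r'''
2015-02-08 13:41:02, Info                  CBS    Starting TrustedInstaller initialization.
2015-02-08 13:41:10, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2015-02-08 13:41:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2015-02-08 13:41:14, Info                  CSI    00000009 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-08 13:41:15, Info                  CSI    0000000a [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-08 13:41:16, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2015-02-08 13:41:17, Info                  CSI    0000000c [SR] Verify complete
'''

# Timestamp, level, source, 8-hex-digit sequence number, then the [SR] message.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+'
    r'(?P<source>\w+)\s+(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$'
)
# "Cannot repair member file [l:N{M}]"name" of Component, Version = x.y.z, ..."
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[^,]+),'
)
QUOTED_RE = re.compile(r'"([^"]+)"')


def parse_sr_lines(text):
    """Yield (timestamp, sequence, message) for every SFC [SR] entry."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("seq"), m.group("msg")


def triage(text):
    """Summarise [SR] entries: what SFC could not repair and what it repaired."""
    cannot = {}      # lower-cased file name -> details (dicts keep insertion order)
    repairing = []   # file names SFC restored from the component store
    total = 0
    for ts, _seq, msg in parse_sr_lines(text):
        total += 1
        m = CANNOT_RE.match(msg)
        if m:
            # SFC usually logs the same failure more than once; count, don't repeat.
            entry = cannot.setdefault(m.group("file").lower(), {
                "file": m.group("file"),
                "component": m.group("component").strip(),
                "version": m.group("version").strip(),
                "reason": msg.rsplit(",", 1)[-1].strip(),
                "first_seen": ts,
                "hits": 0,
            })
            entry["hits"] += 1
        elif msg.startswith("Repairing corrupted file"):
            quoted = QUOTED_RE.findall(msg)
            if quoted:
                repairing.append(quoted[-1])  # last quoted token is the file name
    return {
        "sr_lines": total,
        "cannot_repair": list(cannot.values()),
        "repairing": repairing,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_CBS_LOG)
    print("[SR] lines:", result["sr_lines"])
    for item in result["cannot_repair"]:
        print("UNREPAIRED {file} ({component} {version}): {reason}, "
              "logged {hits}x, first at {first_seen}".format(**item))
    for name in result["repairing"]:
        print("repaired from store:", name)
```

To use it on the file written by the `findstr` command, read junk.txt and pass its text to `triage()`.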


    #8
    anseladams


    ESET Cleaner ran OK.  The ESET Scanner (recommended 1 time only scan post using the cleaner tool) found 1435 infected files: Win32/filecoder.CR trojan.  Near the end of the scan, it appeared to stall so I chose to exit.

     

    A check of critical system files looks OK ("Windows Resource Protection did not find any integrity violations").

     

    Event Viewer Logs are below:

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 08/02/2015 1:59:25 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 08/02/2015 6:14:52 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#.

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 08/02/2015 1:40:04 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 08/02/2015 6:16:04 PM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 08/02/2015 6:13:15 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-1853160511-3213668173-3947774843-1000:
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\SystemCertificates\Disallowed
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Policies\Microsoft\SystemCertificates
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\SystemCertificates\trust
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\SystemCertificates\My
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\SystemCertificates\CA
    Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\SystemCertificates\Root

     


    • 0

    #9
    RKinner


      Malware Expert

    • Expert
    • 19,999 posts
    • MVP

    I expect the files ESET online scan found were all just encrypted by the virus and not really bad.

     

    The first error is nothing to worry about, though I have heard that if you change the Startup Type on Windows Driver Foundation - User-mode Driver Framework from Manual to Automatic it goes away.  In the Search box type:  services.msc

    and hit Enter.  Scroll down until you find Windows Driver Foundation - User-mode Driver Framework and right click on it and select Properties.  Change the Startup Type from Manual to Automatic.  OK

     

     

    The second has a fixit.  Again it's nothing important.

     

    Works best with IE:

     

     
     
    The third is caused by Windows Live.  Will cause it to be slower shutting down. Unless they actually use it you should uninstall Windows Live Essentials.  I assume there is a newer version out there that doesn't have this problem so look for it if it's something they use.
     
     

    Are you having any other problems?


    • 0
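The report posted above uses a fixed layout, so the three events triaged in this reply can be pulled out mechanically. The following is an added example, not part of the thread or of the VEW tool: `parse_vew` and `leaking_processes` are hypothetical names, and `SAMPLE` is constructed from the entries quoted above with the SID and device ID shortened to placeholders.

```python
import re
from collections import Counter
from datetime import datetime
# Constructed sample in the report's layout; SID and device ID are placeholders.
SAMPLE = r"""
Note: All dates below are in the format dd/mm/yyyy
'System' Log - Warning Type
~~~~~~~~~~
Log: 'System' Date/Time: 08/02/2015 6:14:52 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\EXAMPLE.
'Application' Log - Warning Type
~~~~~~~~~~
Log: 'Application' Date/Time: 08/02/2015 6:13:15 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE
Process 2192 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE\Software\Microsoft\SystemCertificates\Root
"""

HEAD = re.compile(r"Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"Type: (\w+) Category: (\d+)")
EVENT = re.compile(r"Event: (\d+) Source: (.+)")
BANNER = re.compile(r"~+|'[^']+' Log - \w+ Type")
PROC = re.compile(r"Process (\d+) \((.+?)\) has opened key ")

def parse_vew(text):
    """Split a VEW report into entries; timestamps are day-first, as the report states."""
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEAD.match(line):
            cur = {"log": m[1], "when": datetime.strptime(m[2], "%d/%m/%Y %I:%M:%S %p"), "message": []}
            entries.append(cur)
        elif BANNER.fullmatch(line):
            cur = None  # a section banner closes the entry in progress
        elif cur is None or not line:
            continue
        elif "type" not in cur and (m := TYPE.fullmatch(line)):
            cur["type"], cur["category"] = m[1], int(m[2])
        elif "event_id" not in cur and (m := EVENT.fullmatch(line)):
            cur["event_id"], cur["source"] = int(m[1]), m[2]
        else:
            cur["message"].append(line)
    return entries

def leaking_processes(entry):
    """Count 'has opened key' lines per (PID, image name) in an Event 1530 message."""
    hits = (PROC.match(line) for line in entry["message"])
    return Counter((int(m[1]), m[2].rsplit("\\", 1)[-1]) for m in hits if m)
```

Parsing the date day-first matters here: `08/02/2015` is 8 February, which lines up with the OTL log from earlier in the thread, not 2 August.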

    #10
    anseladams


      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts

    I can't thank you enough RKinner - -

     

    * I changed the Startup Type on Windows Driver Foundation - User-mode Driver Framework from Manual to Automatic.

    * Downloaded & ran Microsoft Fix It 50688

    * Windows Live Essentials 2011 has been uninstalled (parents don't use it)

     

    PC running good now.  What about those desktop.ini files (still showing on desktop).  How do I hide them?


    • 0

    #11
    RKinner


      Malware Expert

    • Expert
    • 19,999 posts
    • MVP
    Time to clean up.  Make sure you install Cryptoprevent (in bold).  Consider putting it on any PC you control.  This will hopefully prevent a reinfection.
     
     Copy the following:
     
     
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
     
    
    Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
     
    That will get the last of the malware off the system.
     
     
     
    You can uninstall or delete any tools we had you download and their logs. 
     
    If we ran ComboFix: To uninstall ComboFix, copy the next line:
     
    "c:\users\Thackers\Desktop\ComboFix.exe" /Uninstall
     
    Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
    Then right click, Paste, then hit Enter.
     
     
     
    OTL has a cleanup tab but DO NOT USE IT!  There are reports that it leaves the PC unbootable.  Instead just delete OTL.exe and the folder c:\_OTL.
     
    To hide hidden files again:
     
    Vista or Win7
     
    1. Open the Control Panel menu and click Folder Options.
    2. After the new window appears select the View tab.
    3. Remove the check in the checkbox labeled Display the contents of system folders.
    4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
    5. Check the checkbox labeled Hide protected operating system files.
    6. Press the Apply button and then the OK button and exit My Computer.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is the number one target of malware these days since Java has fallen out of favor.
     
    Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.  OK.  Close program.  It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.
     
    To help keep your programs up-to-date you should download and run the UpdateChecker: 
    (You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
    If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
     Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK. )  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
     
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while.
     
     
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
    Make sure Windows Updates is turned on and that it works.  Go to Control Panel, Windows Updates and see if it works.
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)

    • 0





