
Google links redirect, webpage keyword ad links

Discussion in 'Virus & Other Malware Removal' started by Jwgus00, Jan 12, 2013.

  1. Jwgus00

    Jwgus00 Thread Starter

    Hello,
    As with many other people, when I do a Google search and get results, my initial click takes me to some ads; then I can hit the back button and continue with my searching.
    Also, some webpages I visit have some keywords picked out as links to ads and such.
    I will now post all the logs you require:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:07:45 PM, on 1/12/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb128?a=6OyvgGdRxk&i=26
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11112 bytes

    8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
    Run by dana at 19:46:42 on 2013-01-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.1822 [GMT -5:00]
    .
    AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\atieclxx.exe
    C:\Windows\System32\GFNEXSrv.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\explorer.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredibar.com/mb128?a=6OyvgGdRxk&i=26
    uDefault_Page_URL = hxxp://start.toshiba.com
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{058F0B54-81FA-48FE-AF9F-8089AC5CE4BE} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-1-30 204288]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-1-30 162824]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-1-30 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-1-30 126392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-1-30 115216]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-30 38096]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-30 413800]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-30 1142376]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-1-30 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 EraserUtilDrv11122;EraserUtilDrv11122;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-5-3 138360]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-4 138360]
    S3 ivusb;Initio Driver for USB Default Controller;C:\windows\System32\drivers\ivusb.sys [2010-7-28 29720]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-30 250984]
    S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-4 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-13 00:36:08 -------- d-----w- C:\Users\dana\AppData\Local\{46691CDF-FC01-4C8E-88FD-D71CF946D989}
    2013-01-13 00:23:59 388096 ----a-r- C:\Users\dana\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-13 00:23:59 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-01-11 02:48:44 68608 ----a-w- C:\windows\System32\taskhost.exe
    2013-01-10 03:07:52 -------- d-----w- C:\Program Files\iPod
    2013-01-10 03:07:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-10 03:07:51 -------- d-----w- C:\Program Files\iTunes
    2013-01-10 03:07:51 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-01-08 00:09:00 -------- d-----w- C:\Users\dana\AppData\Roaming\AVG
    2013-01-08 00:08:07 -------- d-----w- C:\ProgramData\AVG
    2013-01-08 00:08:01 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2013-01-07 22:58:07 -------- d-----w- C:\Users\dana\AppData\Roaming\AVG2013
    2013-01-07 22:56:51 -------- d-----w- C:\Users\dana\AppData\Roaming\TuneUp Software
    2013-01-07 22:55:58 -------- d--h--w- C:\$AVG
    2013-01-07 22:55:58 -------- d-----w- C:\ProgramData\AVG2013
    2013-01-07 22:38:17 -------- d-----w- C:\Users\dana\AppData\Local\MFAData
    2013-01-07 22:38:17 -------- d-----w- C:\Users\dana\AppData\Local\Avg2013
    2013-01-07 22:36:17 -------- d-----w- C:\Users\dana\AppData\Roaming\HTML Executable
    2013-01-05 02:05:05 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1783655-BCFB-4CDC-9940-31B62A29DBFF}\mpengine.dll
    2012-12-22 04:10:38 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-22 04:10:38 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-22 04:10:36 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-22 04:10:35 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-19 04:15:04 -------- d-----w- C:\9cb0c41f1c9dabff4eb7d42ba3
    .
    ==================== Find3M ====================
    .
    2013-01-10 04:12:21 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 04:12:21 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-10-22 18:02:44 154464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
    2012-10-15 08:48:50 63328 ----a-w- C:\windows\System32\drivers\avgidsha.sys
    .
    ============= FINISH: 19:47:25.15 ===============

    8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/2/2012 11:34:12 AM
    System Uptime: 1/12/2013 7:02:40 PM (0 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | TKBSS
    Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | CPU 1 | 795/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 580 GiB total, 477.053 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP106: 12/13/2012 7:41:11 PM - Windows Update
    RP107: 12/18/2012 11:14:42 PM - Windows Update
    RP108: 12/19/2012 9:05:31 PM - Windows Update
    RP109: 12/21/2012 11:09:55 PM - Windows Update
    RP110: 12/25/2012 1:47:11 PM - Windows Update
    RP111: 12/29/2012 7:48:07 PM - Windows Update
    RP112: 1/2/2013 6:27:13 PM - Windows Update
    RP113: 1/7/2013 5:54:35 PM - Installed AVG 2013
    RP114: 1/7/2013 5:55:21 PM - Installed AVG 2013
    RP115: 1/7/2013 7:08:12 PM - Installed AVG PC TuneUp
    RP116: 1/7/2013 7:19:46 PM - Removed AVG PC TuneUp
    RP117: 1/7/2013 7:20:15 PM - Removed AVG PC TuneUp Language Pack (en-US)
    RP118: 1/7/2013 8:58:10 PM - Windows Update
    RP119: 1/11/2013 12:23:46 AM - Windows Update
    RP120: 1/12/2013 7:23:28 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X MUI
    AMD Catalyst Install Manager
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CBR Reader
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    D3DX10
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    HiJackThis
    iCloud
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 35
    Junk Mail filter update
    [email protected] 1.0
    McAfee Security Scan Plus
    Media Player Codec Pack 4.1.8
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Skype Click to Call
    Skype Launcher
    Skype™ 5.10
    Synaptics Pointing Device Driver
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBARegistration
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.11 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2013 10:07:13 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    1/9/2013 10:06:13 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/9/2013 10:05:56 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2013 6:58:08 PM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
    1/7/2013 5:15:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/7/2013 5:14:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/12/2013 7:03:58 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    .
    ==== End Of File ===========================

    8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-12 20:01:31
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK6475GSX rev.GT001M 596.17GB
    Running: wt4qhd5s.exe; Driver: C:\Users\dana\AppData\Local\Temp\kxldapow.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1916] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4068] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3208] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4044] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    ? C:\windows\system32\mssprxy.dll [216] entry point in ".rdata" section 000000006f4971e6
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0xae9628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0xae9668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0xae95a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0xae9528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0xae9728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0xae9768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0xae96e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0xae96a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0xae9468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0xae94a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0xae9428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0xae95e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0xae9568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0xae94e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0x194a28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0x194a68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x1949a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0x194928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x194b28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0x194b68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0x194ae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0x194aa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0x194868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0x1948a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x194828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0x1949e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0x194968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0x1948e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0xe38628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0xe38668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0xe385a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0xe38528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0xe38728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0xe38768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0xe386e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0xe386a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0xe38468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0xe384a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0xe38428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0xe385e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0xe38568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0xe384e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0xc99628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0xc99668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0xc995a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0xc99528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0xc99728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0xc99768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0xc996e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0xc996a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0xc99468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0xc994a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0xc99428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0xc995e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0xc99568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0xc994e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0x789228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0x789268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x7891a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0x789128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x789328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0x789368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0x7892e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0x7892a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0x789068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0x7890a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x789028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0x7891e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0x789168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0x7890e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1464] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8642750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1464] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8642b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1464] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8647de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1464] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8648130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1464] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8641908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1464] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8641c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\PROGRA~2\AVG\AVG2013\avgrsa.exe [420] 000007feffbb0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [1152] 000000006b070000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2856] 000000006ad80000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3732] 000007feff040000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4624] 000007feef630000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5544] 000007feff040000

    ---- EOF - GMER 2.0 ----


    Thank you so much for the help
    Justin
     
  2. Jwgus00

    Jwgus00 Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    13
    Bumpy bump thank you
     
  3. Jwgus00

    Jwgus00 Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    13
    Bumply bump bump, bumply bump
     
  4. Jwgus00

    Jwgus00 Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    13
    Bump
    Oh yeah, I should mention that Chrome is my browser.
     
  8. Jwgus00

    Jwgus00 Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    13
    Bump, please help
     
  9. Jwgus00

    Jwgus00 Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    13
    Bump please help
     
  10. Jwgus00

    Jwgus00 Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    13
    Bump some help please, the problem persists.
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Does this happen in all browsers or only in Chrome?


    Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

    Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

    Post back with its log.

    By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  12. Jwgus00

    Jwgus00 Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    13
    TDSS found nothing

    The redirects only happen in Chrome; Internet Explorer seems to be OK.

    22:22:24.0624 2184 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    22:22:25.0129 2184 ============================================================
    22:22:25.0129 2184 Current date / time: 2013/02/28 22:22:25.0129
    22:22:25.0130 2184 SystemInfo:
    22:22:25.0130 2184
    22:22:25.0130 2184 OS Version: 6.1.7601 ServicePack: 1.0
    22:22:25.0130 2184 Product type: Workstation
    22:22:25.0130 2184 ComputerName: DANA-PC
    22:22:25.0130 2184 UserName: dana
    22:22:25.0130 2184 Windows directory: C:\windows
    22:22:25.0130 2184 System windows directory: C:\windows
    22:22:25.0130 2184 Running under WOW64
    22:22:25.0130 2184 Processor architecture: Intel x64
    22:22:25.0130 2184 Number of processors: 4
    22:22:25.0130 2184 Page size: 0x1000
    22:22:25.0130 2184 Boot type: Normal boot
    22:22:25.0130 2184 ============================================================
    22:22:27.0282 2184 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:22:27.0287 2184 ============================================================
    22:22:27.0287 2184 \Device\Harddisk0\DR0:
    22:22:27.0287 2184 MBR partitions:
    22:22:27.0287 2184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x487EC000
    22:22:27.0287 2184 ============================================================
    22:22:27.0312 2184 C: <-> \Device\Harddisk0\DR0\Partition1
    22:22:27.0312 2184 ============================================================
    22:22:27.0312 2184 Initialize success
    22:22:27.0312 2184 ============================================================
    22:22:50.0049 4056 ============================================================
    22:22:50.0049 4056 Scan started
    22:22:50.0049 4056 Mode: Manual;
    22:22:50.0049 4056 ============================================================
    22:22:51.0848 4056 ================ Scan system memory ========================
    22:22:51.0848 4056 System memory - ok
    22:22:51.0849 4056 ================ Scan services =============================
    22:23:00.0150 4056 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    22:23:00.0150 4056 mouclass - ok
    22:23:00.0170 4056 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys
    22:23:00.0171 4056 mouhid - ok
    22:23:00.0191 4056 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    22:23:00.0192 4056 mountmgr - ok
    22:23:00.0206 4056 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    22:23:00.0209 4056 mpio - ok
    22:23:00.0240 4056 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    22:23:00.0242 4056 mpsdrv - ok
    22:23:00.0283 4056 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
    22:23:00.0294 4056 MpsSvc - ok
    22:23:00.0325 4056 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    22:23:00.0327 4056 MRxDAV - ok
    22:23:00.0342 4056 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    22:23:00.0345 4056 mrxsmb - ok
    22:23:00.0374 4056 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    22:23:00.0377 4056 mrxsmb10 - ok
    22:23:00.0395 4056 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    22:23:00.0397 4056 mrxsmb20 - ok
    22:23:00.0414 4056 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
    22:23:00.0414 4056 msahci - ok
    22:23:00.0439 4056 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    22:23:00.0442 4056 msdsm - ok
    22:23:00.0463 4056 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    22:23:00.0467 4056 MSDTC - ok
    22:23:00.0485 4056 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    22:23:00.0486 4056 Msfs - ok
    22:23:00.0512 4056 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    22:23:00.0512 4056 mshidkmdf - ok
    22:23:00.0527 4056 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    22:23:00.0528 4056 msisadrv - ok
    22:23:00.0565 4056 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    22:23:00.0568 4056 MSiSCSI - ok
    22:23:00.0574 4056 msiserver - ok
    22:23:00.0600 4056 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    22:23:00.0601 4056 MSKSSRV - ok
    22:23:00.0622 4056 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    22:23:00.0623 4056 MSPCLOCK - ok
    22:23:00.0643 4056 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    22:23:00.0644 4056 MSPQM - ok
    22:23:00.0665 4056 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    22:23:00.0669 4056 MsRPC - ok
    22:23:00.0688 4056 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
    22:23:00.0688 4056 mssmbios - ok
    22:23:00.0710 4056 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    22:23:00.0711 4056 MSTEE - ok
    22:23:00.0722 4056 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
    22:23:00.0723 4056 MTConfig - ok
    22:23:00.0743 4056 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    22:23:00.0744 4056 Mup - ok
    22:23:00.0803 4056 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    22:23:00.0815 4056 napagent - ok
    22:23:00.0863 4056 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    22:23:00.0868 4056 NativeWifiP - ok
    22:23:00.0925 4056 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
    22:23:00.0940 4056 NDIS - ok
    22:23:00.0974 4056 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    22:23:00.0975 4056 NdisCap - ok
    22:23:00.0996 4056 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    22:23:00.0997 4056 NdisTapi - ok
    22:23:01.0020 4056 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    22:23:01.0021 4056 Ndisuio - ok
    22:23:01.0038 4056 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    22:23:01.0042 4056 NdisWan - ok
    22:23:01.0056 4056 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    22:23:01.0057 4056 NDProxy - ok
    22:23:01.0094 4056 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    22:23:01.0095 4056 NetBIOS - ok
    22:23:01.0115 4056 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    22:23:01.0118 4056 NetBT - ok
    22:23:01.0131 4056 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    22:23:01.0132 4056 Netlogon - ok
    22:23:01.0158 4056 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    22:23:01.0164 4056 Netman - ok
    22:23:01.0193 4056 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    22:23:01.0200 4056 netprofm - ok
    22:23:01.0225 4056 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:23:01.0227 4056 NetTcpPortSharing - ok
    22:23:01.0265 4056 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
    22:23:01.0266 4056 nfrd960 - ok
    22:23:01.0295 4056 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
    22:23:01.0299 4056 NlaSvc - ok
    22:23:01.0337 4056 Norton PC Checkup Application Launcher - ok
    22:23:01.0352 4056 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    22:23:01.0353 4056 Npfs - ok
    22:23:01.0398 4056 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    22:23:01.0399 4056 nsi - ok
    22:23:01.0416 4056 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    22:23:01.0417 4056 nsiproxy - ok
    22:23:01.0529 4056 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    22:23:01.0549 4056 Ntfs - ok
    22:23:01.0584 4056 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    22:23:01.0585 4056 Null - ok
    22:23:01.0610 4056 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    22:23:01.0613 4056 nvraid - ok
    22:23:01.0634 4056 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    22:23:01.0637 4056 nvstor - ok
    22:23:01.0647 4056 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    22:23:01.0649 4056 nv_agp - ok
    22:23:01.0664 4056 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    22:23:01.0666 4056 ohci1394 - ok
    22:23:01.0710 4056 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:23:01.0712 4056 ose - ok
    22:23:01.0903 4056 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    22:23:02.0034 4056 osppsvc - ok
    22:23:02.0075 4056 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    22:23:02.0080 4056 p2pimsvc - ok
    22:23:02.0101 4056 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    22:23:02.0107 4056 p2psvc - ok
    22:23:02.0141 4056 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
    22:23:02.0143 4056 Parport - ok
    22:23:02.0167 4056 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    22:23:02.0168 4056 partmgr - ok
    22:23:02.0193 4056 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    22:23:02.0196 4056 PcaSvc - ok
    22:23:02.0219 4056 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    22:23:02.0220 4056 PCCUJobMgr - ok
    22:23:02.0244 4056 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    22:23:02.0246 4056 pci - ok
    22:23:02.0264 4056 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
    22:23:02.0264 4056 pciide - ok
    22:23:02.0285 4056 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
    22:23:02.0288 4056 pcmcia - ok
    22:23:02.0312 4056 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    22:23:02.0313 4056 pcw - ok
    22:23:02.0340 4056 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    22:23:02.0348 4056 PEAUTH - ok
    22:23:02.0415 4056 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    22:23:02.0417 4056 PerfHost - ok
    22:23:02.0535 4056 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
    22:23:02.0536 4056 PGEffect - ok
    22:23:02.0775 4056 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    22:23:02.0795 4056 pla - ok
    22:23:02.0850 4056 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    22:23:02.0857 4056 PlugPlay - ok
    22:23:02.0879 4056 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    22:23:02.0881 4056 PNRPAutoReg - ok
    22:23:02.0897 4056 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    22:23:02.0901 4056 PNRPsvc - ok
    22:23:02.0931 4056 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    22:23:02.0937 4056 PolicyAgent - ok
    22:23:02.0955 4056 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
    22:23:02.0958 4056 Power - ok
    22:23:02.0998 4056 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    22:23:03.0000 4056 PptpMiniport - ok
    22:23:03.0033 4056 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
    22:23:03.0035 4056 Processor - ok
    22:23:03.0063 4056 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    22:23:03.0067 4056 ProfSvc - ok
    22:23:03.0086 4056 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    22:23:03.0088 4056 ProtectedStorage - ok
    22:23:03.0121 4056 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    22:23:03.0123 4056 Psched - ok
    22:23:03.0182 4056 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
    22:23:03.0200 4056 ql2300 - ok
    22:23:03.0228 4056 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
    22:23:03.0231 4056 ql40xx - ok
    22:23:03.0263 4056 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    22:23:03.0268 4056 QWAVE - ok
    22:23:03.0321 4056 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    22:23:03.0322 4056 QWAVEdrv - ok
    22:23:03.0338 4056 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    22:23:03.0339 4056 RasAcd - ok
    22:23:03.0380 4056 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    22:23:03.0381 4056 RasAgileVpn - ok
    22:23:03.0403 4056 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    22:23:03.0406 4056 RasAuto - ok
    22:23:03.0423 4056 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    22:23:03.0425 4056 Rasl2tp - ok
    22:23:03.0444 4056 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    22:23:03.0450 4056 RasMan - ok
    22:23:03.0482 4056 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    22:23:03.0484 4056 RasPppoe - ok
    22:23:03.0491 4056 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    22:23:03.0493 4056 RasSstp - ok
    22:23:03.0519 4056 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    22:23:03.0523 4056 rdbss - ok
    22:23:03.0542 4056 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
    22:23:03.0543 4056 rdpbus - ok
    22:23:03.0560 4056 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    22:23:03.0561 4056 RDPCDD - ok
    22:23:03.0577 4056 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    22:23:03.0577 4056 RDPENCDD - ok
    22:23:03.0592 4056 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    22:23:03.0592 4056 RDPREFMP - ok
    22:23:03.0626 4056 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    22:23:03.0629 4056 RDPWD - ok
    22:23:03.0670 4056 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    22:23:03.0672 4056 rdyboost - ok
    22:23:03.0694 4056 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    22:23:03.0697 4056 RemoteAccess - ok
    22:23:03.0729 4056 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    22:23:03.0732 4056 RemoteRegistry - ok
    22:23:03.0746 4056 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    22:23:03.0749 4056 RpcEptMapper - ok
    22:23:03.0775 4056 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    22:23:03.0776 4056 RpcLocator - ok
    22:23:03.0796 4056 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
    22:23:03.0802 4056 RpcSs - ok
    22:23:03.0837 4056 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    22:23:03.0839 4056 rspndr - ok
    22:23:03.0883 4056 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
    22:23:03.0886 4056 RSUSBSTOR - ok
    22:23:03.0912 4056 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
    22:23:03.0915 4056 RTL8167 - ok
    22:23:03.0999 4056 [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
    22:23:04.0008 4056 RTL8192Ce - ok
    22:23:04.0020 4056 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    22:23:04.0021 4056 SamSs - ok
    22:23:04.0054 4056 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    22:23:04.0056 4056 sbp2port - ok
    22:23:04.0084 4056 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    22:23:04.0088 4056 SCardSvr - ok
    22:23:04.0108 4056 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    22:23:04.0109 4056 scfilter - ok
    22:23:04.0145 4056 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    22:23:04.0160 4056 Schedule - ok
    22:23:04.0186 4056 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    22:23:04.0187 4056 SCPolicySvc - ok
    22:23:04.0225 4056 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    22:23:04.0229 4056 SDRSVC - ok
    22:23:04.0255 4056 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    22:23:04.0256 4056 secdrv - ok
    22:23:04.0271 4056 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    22:23:04.0273 4056 seclogon - ok
    22:23:04.0286 4056 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
    22:23:04.0289 4056 SENS - ok
    22:23:04.0318 4056 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    22:23:04.0321 4056 SensrSvc - ok
    22:23:04.0333 4056 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
    22:23:04.0335 4056 Serenum - ok
    22:23:04.0369 4056 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
    22:23:04.0372 4056 Serial - ok
    22:23:04.0403 4056 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
    22:23:04.0405 4056 sermouse - ok
    22:23:04.0445 4056 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    22:23:04.0448 4056 SessionEnv - ok
    22:23:04.0460 4056 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    22:23:04.0462 4056 sffdisk - ok
    22:23:04.0470 4056 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    22:23:04.0471 4056 sffp_mmc - ok
    22:23:04.0489 4056 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    22:23:04.0490 4056 sffp_sd - ok
    22:23:04.0517 4056 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
    22:23:04.0518 4056 sfloppy - ok
    22:23:04.0560 4056 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
    22:23:04.0567 4056 Sftfs - ok
    22:23:04.0646 4056 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    22:23:04.0653 4056 sftlist - ok
    22:23:04.0764 4056 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
    22:23:04.0767 4056 Sftplay - ok
    22:23:04.0788 4056 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
    22:23:04.0789 4056 Sftredir - ok
    22:23:04.0817 4056 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
    22:23:04.0818 4056 Sftvol - ok
    22:23:04.0855 4056 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    22:23:04.0857 4056 sftvsa - ok
    22:23:04.0888 4056 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
    22:23:04.0893 4056 SharedAccess - ok
    22:23:04.0926 4056 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    22:23:04.0932 4056 ShellHWDetection - ok
    22:23:04.0956 4056 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
    22:23:04.0958 4056 SiSRaid2 - ok
    22:23:04.0989 4056 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
    22:23:04.0990 4056 SiSRaid4 - ok
    22:23:05.0132 4056 [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    22:23:05.0157 4056 Skype C2C Service - ok
    22:23:05.0211 4056 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    22:23:05.0213 4056 SkypeUpdate - ok
    22:23:05.0239 4056 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    22:23:05.0241 4056 Smb - ok
    22:23:05.0302 4056 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    22:23:05.0304 4056 SNMPTRAP - ok
    22:23:05.0336 4056 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    22:23:05.0336 4056 spldr - ok
    22:23:05.0387 4056 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
    22:23:05.0396 4056 Spooler - ok
    22:23:05.0497 4056 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    22:23:05.0525 4056 sppsvc - ok
    22:23:05.0568 4056 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    22:23:05.0571 4056 sppuinotify - ok
    22:23:05.0603 4056 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    22:23:05.0609 4056 srv - ok
    22:23:05.0630 4056 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    22:23:05.0635 4056 srv2 - ok
    22:23:05.0656 4056 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    22:23:05.0658 4056 srvnet - ok
    22:23:05.0690 4056 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    22:23:05.0694 4056 SSDPSRV - ok
    22:23:05.0715 4056 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
    22:23:05.0718 4056 SstpSvc - ok
    22:23:05.0745 4056 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
    22:23:05.0747 4056 stexstor - ok
    22:23:05.0784 4056 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
    22:23:05.0792 4056 stisvc - ok
    22:23:05.0809 4056 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
    22:23:05.0810 4056 swenum - ok
    22:23:05.0834 4056 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
    22:23:05.0842 4056 swprv - ok
    22:23:05.0903 4056 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
    22:23:05.0913 4056 SynTP - ok
    22:23:05.0974 4056 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
    22:23:05.0996 4056 SysMain - ok
    22:23:06.0014 4056 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
    22:23:06.0017 4056 TabletInputService - ok
    22:23:06.0036 4056 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
    22:23:06.0041 4056 TapiSrv - ok
    22:23:06.0063 4056 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
    22:23:06.0065 4056 TBS - ok
    22:23:06.0128 4056 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
    22:23:06.0151 4056 Tcpip - ok
    22:23:06.0183 4056 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    22:23:06.0197 4056 TCPIP6 - ok
    22:23:06.0229 4056 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    22:23:06.0230 4056 tcpipreg - ok
    22:23:06.0264 4056 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
    22:23:06.0265 4056 tdcmdpst - ok
    22:23:06.0304 4056 TDEIO - ok
    22:23:06.0328 4056 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    22:23:06.0329 4056 TDPIPE - ok
    22:23:06.0358 4056 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    22:23:06.0360 4056 TDTCP - ok
    22:23:06.0382 4056 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    22:23:06.0384 4056 tdx - ok
    22:23:06.0401 4056 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
    22:23:06.0402 4056 TermDD - ok
    22:23:06.0446 4056 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
    22:23:06.0456 4056 TermService - ok
    22:23:06.0468 4056 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
    22:23:06.0471 4056 Themes - ok
    22:23:06.0487 4056 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
    22:23:06.0488 4056 THREADORDER - ok
    22:23:06.0552 4056 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    22:23:06.0553 4056 TMachInfo - ok
    22:23:06.0588 4056 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
    22:23:06.0591 4056 TODDSrv - ok
    22:23:06.0672 4056 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    22:23:06.0683 4056 TosCoSrv - ok
    22:23:06.0729 4056 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
    22:23:06.0732 4056 TOSHIBA eco Utility Service - ok
    22:23:06.0823 4056 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    22:23:06.0826 4056 TOSHIBA HDD SSD Alert Service - ok
    22:23:06.0880 4056 [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    22:23:06.0895 4056 TPCHSrv - ok
    22:23:06.0920 4056 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
    22:23:06.0923 4056 TrkWks - ok
    22:23:06.0968 4056 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    22:23:06.0972 4056 TrustedInstaller - ok
    22:23:07.0000 4056 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    22:23:07.0001 4056 tssecsrv - ok
    22:23:07.0035 4056 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    22:23:07.0037 4056 TsUsbFlt - ok
    22:23:07.0061 4056 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
    22:23:07.0062 4056 TsUsbGD - ok
    22:23:07.0094 4056 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    22:23:07.0096 4056 tunnel - ok
    22:23:07.0131 4056 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
    22:23:07.0131 4056 TVALZ - ok
    22:23:07.0148 4056 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
    22:23:07.0148 4056 TVALZFL - ok
    22:23:07.0172 4056 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
    22:23:07.0174 4056 uagp35 - ok
    22:23:07.0196 4056 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    22:23:07.0201 4056 udfs - ok
    22:23:07.0238 4056 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
    22:23:07.0241 4056 UI0Detect - ok
    22:23:07.0257 4056 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    22:23:07.0259 4056 uliagpkx - ok
    22:23:07.0291 4056 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
    22:23:07.0292 4056 umbus - ok
    22:23:07.0363 4056 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
    22:23:07.0364 4056 UmPass - ok
    22:23:07.0389 4056 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
    22:23:07.0395 4056 upnphost - ok
    22:23:07.0418 4056 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
    22:23:07.0420 4056 USBAAPL64 - ok
    22:23:07.0435 4056 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    22:23:07.0437 4056 usbccgp - ok
    22:23:07.0458 4056 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
    22:23:07.0460 4056 usbcir - ok
    22:23:07.0491 4056 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
    22:23:07.0492 4056 usbehci - ok
    22:23:07.0527 4056 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    22:23:07.0531 4056 usbhub - ok
    22:23:07.0548 4056 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
    22:23:07.0549 4056 usbohci - ok
    22:23:07.0564 4056 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
    22:23:07.0565 4056 usbprint - ok
    22:23:09.0989 4056 ================ Scan global ===============================
    22:23:10.0013 4056 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    22:23:10.0042 4056 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
    22:23:10.0052 4056 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
    22:23:10.0076 4056 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    22:23:10.0112 4056 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    22:23:10.0118 4056 [Global] - ok
    22:23:10.0119 4056 ================ Scan MBR ==================================
    22:23:10.0129 4056 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    22:23:10.0338 4056 \Device\Harddisk0\DR0 - ok
    22:23:10.0339 4056 ================ Scan VBR ==================================
    22:23:10.0355 4056 [ 233DAD61F305AE3EDD6B953204857F5F ] \Device\Harddisk0\DR0\Partition1
    22:23:10.0358 4056 \Device\Harddisk0\DR0\Partition1 - ok
    22:23:10.0358 4056 ============================================================
    22:23:10.0358 4056 Scan finished
    22:23:10.0358 4056 ============================================================
    22:23:10.0382 4752 Detected object count: 0
    22:23:10.0382 4752 Actual detected object count: 0
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  14. Jwgus00

    Jwgus00 Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    13
    # AdwCleaner v2.113 - Logfile created 03/01/2013 at 18:50:02
    # Updated 23/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : dana - DANA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\dana\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\user.js
    Folder Found : C:\Program Files (x86)\fbphotozoom
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\dana\AppData\Local\Temp\boost_interprocess
    Folder Found : C:\Users\dana\AppData\Local\Temp\incredibar.com

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
    Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Software
    Key Found : HKLM\SOFTWARE\Tarma Installer
    Key Found : HKU\S-1-5-21-4214067739-3292234976-1094395009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKU\S-1-5-21-4214067739-3292234976-1094395009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Google Chrome v25.0.1364.97

    File : C:\Users\dana\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3256 octets] - [01/03/2013 18:50:02]

    ########## EOF - C:\AdwCleaner[R1].txt - [3316 octets] ##########
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Please run AdwCleaner again. This time press Delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt.
    I doubt that it will cure the problem in Chrome.
    The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
    First make sure that you are not set up to sync Chrome with your Google account; if you are, set it to stop sync first (otherwise the backups on your Google account will reinstall the malware).
    Then reboot & reinstall Chrome.
     

Short URL to this thread: https://techguy.org/1084930
