Google links redirect, webpage keyword ad links

Jwgus00 (Thread Starter; joined Jan 12, 2013; messages: 13)
Hello,
As with many other people, when I do a Google search and get results, my initial click takes me to some ads, then I can hit the back button and continue with my searching.
Also, some webpages I visit have some keywords picked out as links to ads and such.
I will now post all the logs you require:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:45 PM, on 1/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb128?a=6OyvgGdRxk&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11112 bytes

8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by dana at 19:46:42 on 2013-01-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.1822 [GMT -5:00]
.
AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb128?a=6OyvgGdRxk&i=26
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{058F0B54-81FA-48FE-AF9F-8089AC5CE4BE} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-1-30 204288]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-1-30 162824]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-1-30 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-1-30 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-1-30 115216]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-30 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-30 413800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-30 1142376]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-1-30 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 EraserUtilDrv11122;EraserUtilDrv11122;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-5-3 138360]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-4 138360]
S3 ivusb;Initio Driver for USB Default Controller;C:\windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-30 250984]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-13 00:36:08 -------- d-----w- C:\Users\dana\AppData\Local\{46691CDF-FC01-4C8E-88FD-D71CF946D989}
2013-01-13 00:23:59 388096 ----a-r- C:\Users\dana\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-13 00:23:59 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-01-11 02:48:44 68608 ----a-w- C:\windows\System32\taskhost.exe
2013-01-10 03:07:52 -------- d-----w- C:\Program Files\iPod
2013-01-10 03:07:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-10 03:07:51 -------- d-----w- C:\Program Files\iTunes
2013-01-10 03:07:51 -------- d-----w- C:\Program Files (x86)\iTunes
2013-01-08 00:09:00 -------- d-----w- C:\Users\dana\AppData\Roaming\AVG
2013-01-08 00:08:07 -------- d-----w- C:\ProgramData\AVG
2013-01-08 00:08:01 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-07 22:58:07 -------- d-----w- C:\Users\dana\AppData\Roaming\AVG2013
2013-01-07 22:56:51 -------- d-----w- C:\Users\dana\AppData\Roaming\TuneUp Software
2013-01-07 22:55:58 -------- d--h--w- C:\$AVG
2013-01-07 22:55:58 -------- d-----w- C:\ProgramData\AVG2013
2013-01-07 22:38:17 -------- d-----w- C:\Users\dana\AppData\Local\MFAData
2013-01-07 22:38:17 -------- d-----w- C:\Users\dana\AppData\Local\Avg2013
2013-01-07 22:36:17 -------- d-----w- C:\Users\dana\AppData\Roaming\HTML Executable
2013-01-05 02:05:05 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1783655-BCFB-4CDC-9940-31B62A29DBFF}\mpengine.dll
2012-12-22 04:10:38 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-22 04:10:38 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-22 04:10:36 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-22 04:10:35 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-19 04:15:04 -------- d-----w- C:\9cb0c41f1c9dabff4eb7d42ba3
.
==================== Find3M ====================
.
2013-01-10 04:12:21 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 04:12:21 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-10-22 18:02:44 154464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
2012-10-15 08:48:50 63328 ----a-w- C:\windows\System32\drivers\avgidsha.sys
.
============= FINISH: 19:47:25.15 ===============

8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/2/2012 11:34:12 AM
System Uptime: 1/12/2013 7:02:40 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | TKBSS
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | CPU 1 | 795/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 477.053 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP106: 12/13/2012 7:41:11 PM - Windows Update
RP107: 12/18/2012 11:14:42 PM - Windows Update
RP108: 12/19/2012 9:05:31 PM - Windows Update
RP109: 12/21/2012 11:09:55 PM - Windows Update
RP110: 12/25/2012 1:47:11 PM - Windows Update
RP111: 12/29/2012 7:48:07 PM - Windows Update
RP112: 1/2/2013 6:27:13 PM - Windows Update
RP113: 1/7/2013 5:54:35 PM - Installed AVG 2013
RP114: 1/7/2013 5:55:21 PM - Installed AVG 2013
RP115: 1/7/2013 7:08:12 PM - Installed AVG PC TuneUp
RP116: 1/7/2013 7:19:46 PM - Removed AVG PC TuneUp
RP117: 1/7/2013 7:20:15 PM - Removed AVG PC TuneUp Language Pack (en-US)
RP118: 1/7/2013 8:58:10 PM - Windows Update
RP119: 1/11/2013 12:23:46 AM - Windows Update
RP120: 1/12/2013 7:23:28 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CBR Reader
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
iCloud
iTunes
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 35
Junk Mail filter update
[email protected] 1.0
McAfee Security Scan Plus
Media Player Codec Pack 4.1.8
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Skype Click to Call
Skype Launcher
Skype™ 5.10
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/9/2013 10:07:13 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
1/9/2013 10:06:13 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/9/2013 10:05:56 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 6:58:08 PM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
1/7/2013 5:15:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/7/2013 5:14:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 5:13:17 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/12/2013 7:03:58 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================

8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-12 20:01:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK6475GSX rev.GT001M 596.17GB
Running: wt4qhd5s.exe; Driver: C:\Users\dana\AppData\Local\Temp\kxldapow.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3004] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0x194a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0x194a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x1949a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0x194928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x194b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0x194b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0x194ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0x194aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0x194868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0x1948a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x194828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0x1949e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0x194968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0x1948e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5908] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0xe38628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0xe38668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0xe385a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0xe38528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0xe38728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0xe38768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0xe386e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0xe386a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0xe38468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0xe384a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0xe38428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0xe385e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0xe38568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0xe384e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0xc99628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0xc99668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0xc995a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0xc99528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0xc99728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0xc99768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0xc996e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0xc996a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0xc99468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0xc994a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0xc99428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0xc995e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0xc99568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0xc994e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0x789228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0x789268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x7891a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0x789128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x789328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0x789368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0x7892e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0x7892a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0x789068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0x7890a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x789028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0x7891e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0x789168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0x7890e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075471401 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075471419 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075471431 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007547144a 2 bytes [47, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754714dd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754714f5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007547150d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075471525 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007547153d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075471555 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007547156d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075471585 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007547159d 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754715b5 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754715cd 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754716b2 2 bytes [47, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1416] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754716bd 2 bytes [47, 75]

---- User IAT/EAT - GMER 2.0 ----


---- Threads - GMER 2.0 ----

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\PROGRA~2\AVG\AVG2013\avgrsa.exe [420] 000007feffbb0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [1152] 000000006b070000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2856] 000000006ad80000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3732] 000007feff040000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4624] 000007feef630000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5544] 000007feff040000

---- EOF - GMER 2.0 ----


Thank you so much for the help
Justin
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Does this happen in all browsers or only in Chrome?


Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

Post back with its log.

By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
 

Jwgus00

Thread Starter
Joined
Jan 12, 2013
Messages
13
TDSS found nothing.

The redirects only happen in Chrome; Internet Explorer seems to be OK.

22:22:24.0624 2184 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:22:25.0129 2184 ============================================================
22:22:25.0129 2184 Current date / time: 2013/02/28 22:22:25.0129
22:22:25.0130 2184 SystemInfo:
22:22:25.0130 2184
22:22:25.0130 2184 OS Version: 6.1.7601 ServicePack: 1.0
22:22:25.0130 2184 Product type: Workstation
22:22:25.0130 2184 ComputerName: DANA-PC
22:22:25.0130 2184 UserName: dana
22:22:25.0130 2184 Windows directory: C:\windows
22:22:25.0130 2184 System windows directory: C:\windows
22:22:25.0130 2184 Running under WOW64
22:22:25.0130 2184 Processor architecture: Intel x64
22:22:25.0130 2184 Number of processors: 4
22:22:25.0130 2184 Page size: 0x1000
22:22:25.0130 2184 Boot type: Normal boot
22:22:25.0130 2184 ============================================================
22:22:27.0282 2184 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:22:27.0287 2184 ============================================================
22:22:27.0287 2184 \Device\Harddisk0\DR0:
22:22:27.0287 2184 MBR partitions:
22:22:27.0287 2184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x487EC000
22:22:27.0287 2184 ============================================================
22:22:27.0312 2184 C: <-> \Device\Harddisk0\DR0\Partition1
22:22:27.0312 2184 ============================================================
22:22:27.0312 2184 Initialize success
22:22:27.0312 2184 ============================================================
22:22:50.0049 4056 ============================================================
22:22:50.0049 4056 Scan started
22:22:50.0049 4056 Mode: Manual;
22:22:50.0049 4056 ============================================================
22:22:51.0848 4056 ================ Scan system memory ========================
22:22:51.0848 4056 System memory - ok
22:22:51.0849 4056 ================ Scan services =============================
22:23:01.0637 4056 nvstor - ok
22:23:01.0647 4056 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
22:23:01.0649 4056 nv_agp - ok
22:23:01.0664 4056 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
22:23:01.0666 4056 ohci1394 - ok
22:23:01.0710 4056 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:23:01.0712 4056 ose - ok
22:23:01.0903 4056 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:23:02.0034 4056 osppsvc - ok
22:23:02.0075 4056 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
22:23:02.0080 4056 p2pimsvc - ok
22:23:02.0101 4056 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
22:23:02.0107 4056 p2psvc - ok
22:23:02.0141 4056 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
22:23:02.0143 4056 Parport - ok
22:23:02.0167 4056 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
22:23:02.0168 4056 partmgr - ok
22:23:02.0193 4056 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
22:23:02.0196 4056 PcaSvc - ok
22:23:02.0219 4056 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
22:23:02.0220 4056 PCCUJobMgr - ok
22:23:02.0244 4056 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
22:23:02.0246 4056 pci - ok
22:23:02.0264 4056 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
22:23:02.0264 4056 pciide - ok
22:23:02.0285 4056 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
22:23:02.0288 4056 pcmcia - ok
22:23:02.0312 4056 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
22:23:02.0313 4056 pcw - ok
22:23:02.0340 4056 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
22:23:02.0348 4056 PEAUTH - ok
22:23:02.0415 4056 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
22:23:02.0417 4056 PerfHost - ok
22:23:02.0535 4056 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
22:23:02.0536 4056 PGEffect - ok
22:23:02.0775 4056 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
22:23:02.0795 4056 pla - ok
22:23:02.0850 4056 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
22:23:02.0857 4056 PlugPlay - ok
22:23:02.0879 4056 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
22:23:02.0881 4056 PNRPAutoReg - ok
22:23:02.0897 4056 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
22:23:02.0901 4056 PNRPsvc - ok
22:23:02.0931 4056 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
22:23:02.0937 4056 PolicyAgent - ok
22:23:02.0955 4056 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
22:23:02.0958 4056 Power - ok
22:23:02.0998 4056 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:23:03.0000 4056 PptpMiniport - ok
22:23:03.0033 4056 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
22:23:03.0035 4056 Processor - ok
22:23:03.0063 4056 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
22:23:03.0067 4056 ProfSvc - ok
22:23:03.0086 4056 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
22:23:03.0088 4056 ProtectedStorage - ok
22:23:03.0121 4056 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
22:23:03.0123 4056 Psched - ok
22:23:03.0182 4056 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
22:23:03.0200 4056 ql2300 - ok
22:23:03.0228 4056 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
22:23:03.0231 4056 ql40xx - ok
22:23:03.0263 4056 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
22:23:03.0268 4056 QWAVE - ok
22:23:03.0321 4056 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
22:23:03.0322 4056 QWAVEdrv - ok
22:23:03.0338 4056 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:23:03.0339 4056 RasAcd - ok
22:23:03.0380 4056 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
22:23:03.0381 4056 RasAgileVpn - ok
22:23:03.0403 4056 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
22:23:03.0406 4056 RasAuto - ok
22:23:03.0423 4056 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:23:03.0425 4056 Rasl2tp - ok
22:23:03.0444 4056 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
22:23:03.0450 4056 RasMan - ok
22:23:03.0482 4056 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:23:03.0484 4056 RasPppoe - ok
22:23:03.0491 4056 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
22:23:03.0493 4056 RasSstp - ok
22:23:03.0519 4056 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:23:03.0523 4056 rdbss - ok
22:23:03.0542 4056 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
22:23:03.0543 4056 rdpbus - ok
22:23:03.0560 4056 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:23:03.0561 4056 RDPCDD - ok
22:23:03.0577 4056 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
22:23:03.0577 4056 RDPENCDD - ok
22:23:03.0592 4056 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
22:23:03.0592 4056 RDPREFMP - ok
22:23:03.0626 4056 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:23:03.0629 4056 RDPWD - ok
22:23:03.0670 4056 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
22:23:03.0672 4056 rdyboost - ok
22:23:03.0694 4056 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
22:23:03.0697 4056 RemoteAccess - ok
22:23:03.0729 4056 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
22:23:03.0732 4056 RemoteRegistry - ok
22:23:03.0746 4056 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
22:23:03.0749 4056 RpcEptMapper - ok
22:23:03.0775 4056 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
22:23:03.0776 4056 RpcLocator - ok
22:23:03.0796 4056 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
22:23:03.0802 4056 RpcSs - ok
22:23:03.0837 4056 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:23:03.0839 4056 rspndr - ok
22:23:03.0883 4056 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
22:23:03.0886 4056 RSUSBSTOR - ok
22:23:03.0912 4056 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
22:23:03.0915 4056 RTL8167 - ok
22:23:03.0999 4056 [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
22:23:04.0008 4056 RTL8192Ce - ok
22:23:04.0020 4056 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
22:23:04.0021 4056 SamSs - ok
22:23:04.0054 4056 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
22:23:04.0056 4056 sbp2port - ok
22:23:04.0084 4056 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
22:23:04.0088 4056 SCardSvr - ok
22:23:04.0108 4056 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
22:23:04.0109 4056 scfilter - ok
22:23:04.0145 4056 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
22:23:04.0160 4056 Schedule - ok
22:23:04.0186 4056 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
22:23:04.0187 4056 SCPolicySvc - ok
22:23:04.0225 4056 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
22:23:04.0229 4056 SDRSVC - ok
22:23:04.0255 4056 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
22:23:04.0256 4056 secdrv - ok
22:23:04.0271 4056 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
22:23:04.0273 4056 seclogon - ok
22:23:04.0286 4056 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
22:23:04.0289 4056 SENS - ok
22:23:04.0318 4056 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
22:23:04.0321 4056 SensrSvc - ok
22:23:04.0333 4056 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
22:23:04.0335 4056 Serenum - ok
22:23:04.0369 4056 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
22:23:04.0372 4056 Serial - ok
22:23:04.0403 4056 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
22:23:04.0405 4056 sermouse - ok
22:23:04.0445 4056 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
22:23:04.0448 4056 SessionEnv - ok
22:23:04.0460 4056 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
22:23:04.0462 4056 sffdisk - ok
22:23:04.0470 4056 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
22:23:04.0471 4056 sffp_mmc - ok
22:23:04.0489 4056 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
22:23:04.0490 4056 sffp_sd - ok
22:23:04.0517 4056 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
22:23:04.0518 4056 sfloppy - ok
22:23:04.0560 4056 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
22:23:04.0567 4056 Sftfs - ok
22:23:04.0646 4056 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:23:04.0653 4056 sftlist - ok
22:23:04.0764 4056 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
22:23:04.0767 4056 Sftplay - ok
22:23:04.0788 4056 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
22:23:04.0789 4056 Sftredir - ok
22:23:04.0817 4056 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
22:23:04.0818 4056 Sftvol - ok
22:23:04.0855 4056 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:23:04.0857 4056 sftvsa - ok
22:23:04.0888 4056 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
22:23:04.0893 4056 SharedAccess - ok
22:23:04.0926 4056 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:23:04.0932 4056 ShellHWDetection - ok
22:23:04.0956 4056 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
22:23:04.0958 4056 SiSRaid2 - ok
22:23:04.0989 4056 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
22:23:04.0990 4056 SiSRaid4 - ok
22:23:05.0132 4056 [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:23:05.0157 4056 Skype C2C Service - ok
22:23:05.0211 4056 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:23:05.0213 4056 SkypeUpdate - ok
22:23:05.0239 4056 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
22:23:05.0241 4056 Smb - ok
22:23:05.0302 4056 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
22:23:05.0304 4056 SNMPTRAP - ok
22:23:05.0336 4056 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
22:23:05.0336 4056 spldr - ok
22:23:05.0387 4056 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
22:23:05.0396 4056 Spooler - ok
22:23:05.0497 4056 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
22:23:05.0525 4056 sppsvc - ok
22:23:05.0568 4056 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
22:23:05.0571 4056 sppuinotify - ok
22:23:05.0603 4056 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
22:23:05.0609 4056 srv - ok
22:23:05.0630 4056 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
22:23:05.0635 4056 srv2 - ok
22:23:05.0656 4056 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
22:23:05.0658 4056 srvnet - ok
22:23:05.0690 4056 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:23:05.0694 4056 SSDPSRV - ok
22:23:05.0715 4056 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
22:23:05.0718 4056 SstpSvc - ok
22:23:05.0745 4056 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
22:23:05.0747 4056 stexstor - ok
22:23:05.0784 4056 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
22:23:05.0792 4056 stisvc - ok
22:23:05.0809 4056 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
22:23:05.0810 4056 swenum - ok
22:23:05.0834 4056 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
22:23:05.0842 4056 swprv - ok
22:23:05.0903 4056 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
22:23:05.0913 4056 SynTP - ok
22:23:05.0974 4056 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
22:23:05.0996 4056 SysMain - ok
22:23:06.0014 4056 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
22:23:06.0017 4056 TabletInputService - ok
22:23:06.0036 4056 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
22:23:06.0041 4056 TapiSrv - ok
22:23:06.0063 4056 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
22:23:06.0065 4056 TBS - ok
22:23:06.0128 4056 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
22:23:06.0151 4056 Tcpip - ok
22:23:06.0183 4056 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
22:23:06.0197 4056 TCPIP6 - ok
22:23:06.0229 4056 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
22:23:06.0230 4056 tcpipreg - ok
22:23:06.0264 4056 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
22:23:06.0265 4056 tdcmdpst - ok
22:23:06.0304 4056 TDEIO - ok
22:23:06.0328 4056 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
22:23:06.0329 4056 TDPIPE - ok
22:23:06.0358 4056 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
22:23:06.0360 4056 TDTCP - ok
22:23:06.0382 4056 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
22:23:06.0384 4056 tdx - ok
22:23:06.0401 4056 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
22:23:06.0402 4056 TermDD - ok
22:23:06.0446 4056 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
22:23:06.0456 4056 TermService - ok
22:23:06.0468 4056 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
22:23:06.0471 4056 Themes - ok
22:23:06.0487 4056 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
22:23:06.0488 4056 THREADORDER - ok
22:23:06.0552 4056 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:23:06.0553 4056 TMachInfo - ok
22:23:06.0588 4056 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
22:23:06.0591 4056 TODDSrv - ok
22:23:06.0672 4056 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
22:23:06.0683 4056 TosCoSrv - ok
22:23:06.0729 4056 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:23:06.0732 4056 TOSHIBA eco Utility Service - ok
22:23:06.0823 4056 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:23:06.0826 4056 TOSHIBA HDD SSD Alert Service - ok
22:23:06.0880 4056 [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:23:06.0895 4056 TPCHSrv - ok
22:23:06.0920 4056 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
22:23:06.0923 4056 TrkWks - ok
22:23:06.0968 4056 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:23:06.0972 4056 TrustedInstaller - ok
22:23:07.0000 4056 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
22:23:07.0001 4056 tssecsrv - ok
22:23:07.0035 4056 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
22:23:07.0037 4056 TsUsbFlt - ok
22:23:07.0061 4056 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
22:23:07.0062 4056 TsUsbGD - ok
22:23:07.0094 4056 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
22:23:07.0096 4056 tunnel - ok
22:23:07.0131 4056 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:23:07.0131 4056 TVALZ - ok
22:23:07.0148 4056 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
22:23:07.0148 4056 TVALZFL - ok
22:23:07.0172 4056 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
22:23:07.0174 4056 uagp35 - ok
22:23:07.0196 4056 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
22:23:07.0201 4056 udfs - ok
22:23:07.0238 4056 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
22:23:07.0241 4056 UI0Detect - ok
22:23:07.0257 4056 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
22:23:07.0259 4056 uliagpkx - ok
22:23:07.0291 4056 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
22:23:07.0292 4056 umbus - ok
22:23:07.0363 4056 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
22:23:07.0364 4056 UmPass - ok
22:23:07.0389 4056 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
22:23:07.0395 4056 upnphost - ok
22:23:07.0418 4056 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
22:23:07.0420 4056 USBAAPL64 - ok
22:23:07.0435 4056 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
22:23:07.0437 4056 usbccgp - ok
22:23:07.0458 4056 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
22:23:07.0460 4056 usbcir - ok
22:23:07.0491 4056 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
22:23:07.0492 4056 usbehci - ok
22:23:07.0527 4056 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
22:23:07.0531 4056 usbhub - ok
22:23:07.0548 4056 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
22:23:07.0549 4056 usbohci - ok
22:23:07.0564 4056 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
22:23:07.0565 4056 usbprint - ok
22:23:07.0587 4056 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
22:23:07.0589 4056 USBSTOR - ok
22:23:07.0608 4056 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
22:23:07.0610 4056 usbuhci - ok
22:23:07.0636 4056 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
22:23:07.0638 4056 usbvideo - ok
22:23:07.0664 4056 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
22:23:07.0666 4056 UxSms - ok
22:23:07.0675 4056 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
22:23:07.0677 4056 VaultSvc - ok
22:23:07.0694 4056 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
22:23:07.0695 4056 vdrvroot - ok
22:23:07.0714 4056 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
22:23:07.0722 4056 vds - ok
22:23:07.0797 4056 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
22:23:07.0847 4056 vga - ok
22:23:07.0877 4056 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
22:23:07.0933 4056 VgaSave - ok
22:23:08.0052 4056 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
22:23:08.0057 4056 vhdmp - ok
22:23:08.0078 4056 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
22:23:08.0080 4056 viaide - ok
22:23:08.0097 4056 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
22:23:08.0099 4056 volmgr - ok
22:23:08.0116 4056 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
22:23:08.0120 4056 volmgrx - ok
22:23:08.0148 4056 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
22:23:08.0151 4056 volsnap - ok
22:23:08.0180 4056 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
22:23:08.0183 4056 vsmraid - ok
22:23:08.0252 4056 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
22:23:08.0272 4056 VSS - ok
22:23:08.0302 4056 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
22:23:08.0303 4056 vwifibus - ok
22:23:08.0330 4056 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
22:23:08.0332 4056 vwififlt - ok
22:23:08.0357 4056 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
22:23:08.0364 4056 W32Time - ok
22:23:08.0405 4056 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
22:23:08.0406 4056 WacomPen - ok
22:23:08.0436 4056 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
22:23:08.0438 4056 WANARP - ok
22:23:08.0442 4056 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
22:23:08.0444 4056 Wanarpv6 - ok
22:23:08.0509 4056 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
22:23:08.0525 4056 WatAdminSvc - ok
22:23:08.0589 4056 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
22:23:08.0609 4056 wbengine - ok
22:23:08.0630 4056 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
22:23:08.0634 4056 WbioSrvc - ok
22:23:08.0659 4056 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
22:23:08.0665 4056 wcncsvc - ok
22:23:08.0686 4056 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:23:08.0688 4056 WcsPlugInService - ok
22:23:08.0720 4056 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
22:23:08.0721 4056 Wd - ok
22:23:08.0769 4056 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
22:23:08.0778 4056 Wdf01000 - ok
22:23:08.0801 4056 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
22:23:08.0804 4056 WdiServiceHost - ok
22:23:08.0809 4056 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
22:23:08.0812 4056 WdiSystemHost - ok
22:23:08.0834 4056 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
22:23:08.0839 4056 WebClient - ok
22:23:08.0859 4056 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
22:23:08.0864 4056 Wecsvc - ok
22:23:08.0870 4056 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
22:23:08.0874 4056 wercplsupport - ok
22:23:08.0893 4056 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
22:23:08.0896 4056 WerSvc - ok
22:23:08.0931 4056 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
22:23:08.0932 4056 WfpLwf - ok
22:23:08.0951 4056 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
22:23:08.0952 4056 WIMMount - ok
22:23:08.0973 4056 WinDefend - ok
22:23:08.0979 4056 WinHttpAutoProxySvc - ok
22:23:09.0026 4056 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:23:09.0030 4056 Winmgmt - ok
22:23:09.0096 4056 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
22:23:09.0121 4056 WinRM - ok
22:23:09.0165 4056 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
22:23:09.0166 4056 WinUsb - ok
22:23:09.0203 4056 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
22:23:09.0215 4056 Wlansvc - ok
22:23:09.0277 4056 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:23:09.0280 4056 wlcrasvc - ok
22:23:09.0455 4056 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:23:09.0481 4056 wlidsvc - ok
22:23:09.0511 4056 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
22:23:09.0512 4056 WmiAcpi - ok
22:23:09.0550 4056 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
22:23:09.0554 4056 wmiApSrv - ok
22:23:09.0589 4056 WMPNetworkSvc - ok
22:23:09.0609 4056 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
22:23:09.0611 4056 WPCSvc - ok
22:23:09.0625 4056 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
22:23:09.0629 4056 WPDBusEnum - ok
22:23:09.0661 4056 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
22:23:09.0662 4056 ws2ifsl - ok
22:23:09.0673 4056 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
22:23:09.0677 4056 wscsvc - ok
22:23:09.0682 4056 WSearch - ok
22:23:09.0764 4056 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
22:23:09.0804 4056 wuauserv - ok
22:23:09.0843 4056 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
22:23:09.0845 4056 WudfPf - ok
22:23:09.0879 4056 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
22:23:09.0882 4056 WUDFRd - ok
22:23:09.0914 4056 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
22:23:09.0917 4056 wudfsvc - ok
22:23:09.0949 4056 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
22:23:09.0953 4056 WwanSvc - ok
22:23:09.0989 4056 ================ Scan global ===============================
22:23:10.0013 4056 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:23:10.0042 4056 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
22:23:10.0052 4056 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
22:23:10.0076 4056 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:23:10.0112 4056 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:23:10.0118 4056 [Global] - ok
22:23:10.0119 4056 ================ Scan MBR ==================================
22:23:10.0129 4056 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
22:23:10.0338 4056 \Device\Harddisk0\DR0 - ok
22:23:10.0339 4056 ================ Scan VBR ==================================
22:23:10.0355 4056 [ 233DAD61F305AE3EDD6B953204857F5F ] \Device\Harddisk0\DR0\Partition1
22:23:10.0358 4056 \Device\Harddisk0\DR0\Partition1 - ok
22:23:10.0358 4056 ============================================================
22:23:10.0358 4056 Scan finished
22:23:10.0358 4056 ============================================================
22:23:10.0382 4752 Detected object count: 0
22:23:10.0382 4752 Actual detected object count: 0
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
 

Jwgus00

Thread Starter
Joined
Jan 12, 2013
Messages
13
# AdwCleaner v2.113 - Logfile created 03/01/2013 at 18:50:02
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : dana - DANA-PC
# Boot Mode : Normal
# Running from : C:\Users\dana\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\fbphotozoom
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\dana\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\dana\AppData\Local\Temp\incredibar.com

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-4214067739-3292234976-1094395009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-4214067739-3292234976-1094395009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\dana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3256 octets] - [01/03/2013 18:50:02]

########## EOF - C:\AdwCleaner[R1].txt - [3316 octets] ##########
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Please run AdwCleaner again. This time press Delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt.
I doubt that it will cure the problem in Chrome.
The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
First make sure that you are not set up to sync Chrome with your Google account; if you are, set it to stop sync first (otherwise the backups on your Google account will reinstall the malware).
Then reboot & reinstall Chrome.
 