Redirect Virus Removal

Discussion in 'Virus & Other Malware Removal' started by katsim57, Jan 22, 2013.

    katsim57 Thread Starter

    This redirect virus is driving me crazy! Hope this is the info you need; thanks for all the help!


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:46:15 PM, on 1/22/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\jmesoft\hotkey.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe
    C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\kat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSA6640M\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={55F0DF...6586afe55ad&lang=en&ds=hk011&pr=&d=2013-01-02 15:29:28&v=13.2.0.4&sap=hp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120906212239.dll (file missing)
    O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
    O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
    O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
    O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Users\kat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    O4 - HKCU\..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
    O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
    O4 - HKCU\..\Run: [QUOX] rundll32 "C:\Users\kat\AppData\Roaming\cipher3.dll",Ebumoiemht
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Marketsplash Print Software.lnk = C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: McAfee Application Installer Cleanup (0099891358203947) (0099891358203947mcinstcleanup) - Unknown owner - C:\windows\TEMP\009989~1.EXE (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: FastbootService - 1206 Lab - C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 18037 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by kat at 20:49:42 on 2013-01-22
    .
    ============== Running Processes ================
    .
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\jmesoft\Service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\jmesoft\hotkey.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe
    C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\jmesoft\JME_LOAD.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\SysWOW64\NOTEPAD.EXE
    C:\windows\SysWOW64\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://isearch.avg.com/?cid={55F0DF6F-9BAD-4BF0-B036-40FD981BEBB4}&mid=6a644787654f4b058365e8ec9daf4dc7-9b49efbef7e2605d71baa34bdd2db6586afe55ad&lang=en&ds=hk011&pr=&d=2013-01-02 15:29:28&v=13.2.0.4&sap=hp
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    uRun: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
    uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
    uRun: [QUOX] rundll32 "C:\Users\kat\AppData\Roaming\cipher3.dll",Ebumoiemht
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
    mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
    mRun: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
    mRun: [Fastboot] C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [ShopAtHomeWatcher] C:\Users\kat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{0689BAAE-57FC-4BAA-9F01-9EAE2A89F6D7} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{1A015C10-7C08-4A8E-AFF9-ECEFA5B7B854} : DHCPNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? 0099891358203947mcinstcleanup;McAfee Application Installer Cleanup (0099891358203947)
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? esgiguard;esgiguard
    R? HipShieldK;McAfee Inc. HipShieldK
    R? McComponentHostService;McAfee Security Scan Component Host Service
    R? mferkdet;McAfee Inc. mferkdet
    R? Partner Service;Partner Service
    R? pctplsm;pctplsm
    R? sdAuxService;PC Tools Auxiliary Service
    R? sdCoreService;PC Tools Security Service
    R? SpyHunter 4 Service;SpyHunter 4 Service
    R? TsUsbFlt;TsUsbFlt
    R? TsUsbGD;Remote Desktop Generic USB Device
    R? USBAAPL64;Apple Mobile USB Driver
    R? WatAdminSvc;Windows Activation Technologies Service
    R? wlcrasvc;Windows Live Mesh remote connections service
    R? wsvd;wsvd
    R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
    S? !SASCORE;SAS Core Service
    S? avgtp;avgtp
    S? Browser Defender Update Service;Browser Defender Update Service
    S? cfwids;McAfee Inc. cfwids
    S? Fastboot;Fastboot
    S? FastbootService;FastbootService
    S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
    S? IntcDAud;Intel(R) Display Audio
    S? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
    S? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
    S? JME Keyboard;JME Keyboard Driver
    S? MBAMProtector;MBAMProtector
    S? MBAMScheduler;MBAMScheduler
    S? MBAMService;MBAMService
    S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
    S? McMPFSvc;McAfee Personal Firewall Service
    S? McNaiAnn;McAfee VirusScan Announcer
    S? McProxy;McAfee Proxy Service
    S? McShield;McAfee McShield
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfefire;McAfee Firewall Core Service
    S? mfefirek;McAfee Inc. mfefirek
    S? mfehidk;McAfee Inc. mfehidk
    S? mfevtp;McAfee Validation Trust Protection Service
    S? mfewfpk;McAfee Inc. mfewfpk
    S? PCTBD;PC Tools Browser Defender Driver
    S? PCTCore;PCTools KDS
    S? pctDS;PC Tools Data Store
    S? pctEFA;PC Tools Extended File Attributes
    S? pctgntdi;pctgntdi
    S? PCTSD;PC Tools Spyware Doctor Driver
    S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
    S? RTL8167;Realtek 8167 NT Driver
    S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
    S? SASDIFSV;SASDIFSV
    S? SASKUTIL;SASKUTIL
    S? UNS;Intel(R) Management and Security Application User Notification Service
    S? vToolbarUpdater13.2.0;vToolbarUpdater13.2.0
    .
    =============== Created Last 30 ================
    .
    2013-01-23 01:31:52 77144 ----a-w- C:\windows\System32\drivers\PCTBD64.sys
    2013-01-23 01:31:52 769144 ----a-w- C:\windows\BDTSupport.dll
    2013-01-23 01:31:49 150648 ----a-w- C:\windows\SGDetectionTool.dll
    2013-01-23 01:31:48 2280568 ----a-w- C:\windows\PCTBDCore.dll
    2013-01-23 01:31:48 1690744 ----a-w- C:\windows\PCTBDRes.dll
    2013-01-23 01:31:23 347016 ----a-w- C:\windows\System32\drivers\pctgntdi64.sys
    2013-01-23 01:31:22 258424 ----a-w- C:\windows\System32\drivers\pctwfpfilter64.sys
    2013-01-23 01:31:21 16392 ----a-w- C:\windows\System32\drivers\pctBTFix64.sys
    2013-01-23 01:31:08 93600 ----a-w- C:\windows\System32\drivers\pctplsg64.sys
    2013-01-23 01:31:08 87968 ----a-w- C:\windows\System32\drivers\pctplsm64.sys
    2013-01-23 01:31:01 -------- d-----w- C:\Program Files (x86)\PC Tools
    2013-01-23 01:28:35 1096176 ----a-w- C:\windows\System32\drivers\pctEFA64.sys
    2013-01-23 01:28:34 453896 ----a-w- C:\windows\System32\drivers\pctDS64.sys
    2013-01-23 01:28:34 413448 ----a-w- C:\windows\System32\drivers\PCTCore64.sys
    2013-01-23 01:28:32 253256 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
    2013-01-23 01:28:32 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2013-01-23 01:27:43 -------- d-----w- C:\Users\kat\AppData\Roaming\TestApp
    2013-01-23 01:27:43 -------- d-----w- C:\ProgramData\PC Tools
    2013-01-15 02:12:19 -------- d-----w- C:\Users\kat\AppData\Roaming\CANON INC
    2013-01-15 00:54:00 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-01-15 00:53:45 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-01-15 00:53:33 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-01-15 00:53:12 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-01-09 11:01:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2013-01-02 23:43:28 -------- d-----w- C:\Users\kat\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-02 23:43:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-01-02 23:43:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-01-02 20:34:24 -------- d-----w- C:\Users\kat\AppData\Roaming\Malwarebytes
    2013-01-02 20:34:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-02 20:34:08 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-01-02 20:34:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-02 20:29:32 -------- d-----w- C:\Users\kat\AppData\Local\AVG Secure Search
    2013-01-02 20:29:30 -------- d-----w- C:\ProgramData\AVG Secure Search
    2013-01-02 20:29:27 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2013-01-02 20:29:26 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2013-01-02 20:29:25 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2013-01-02 20:29:19 -------- d-----w- C:\Users\kat\AppData\Roaming\Nico Mak Computing
    2013-01-02 20:29:17 18760 ----a-w- C:\windows\System32\roboot64.exe
    2013-01-02 20:03:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-01-02 20:03:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-01-02 20:03:10 -------- d-----w- C:\Users\kat\AppData\Local\Programs
    2013-01-02 19:39:12 -------- d-----w- C:\Program Files\Enigma Software Group
    2013-01-02 19:39:01 -------- d-----w- C:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2013-01-02 19:38:59 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-12-28 23:52:09 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-28 23:36:21 -------- d-----w- C:\Users\kat\AppData\Roaming\redsn0w
    .
    ==================== Find3M ====================
    .
    2013-01-22 23:25:59 1056 --sha-w- C:\windows\SysWow64\KGyGaAvL.sys
    2013-01-08 19:16:25 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-08 19:16:25 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-17 05:11:09 103832 ----a-w- C:\Users\kat\GoToAssistDownloadHelper.exe
    2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-15 02:27:11 126976 --sha-r- C:\Users\kat\AppData\Roaming\cipher3.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-09 11:40:24 69672 ----a-w- C:\windows\System32\drivers\cfwids.sys
    2012-11-09 11:37:42 339776 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
    2012-11-09 11:37:30 177680 ----a-w- C:\windows\System32\mfevtps.exe
    2012-11-09 11:36:40 10288 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
    2012-11-09 11:36:30 106112 ----a-w- C:\windows\System32\drivers\mferkdet.sys
    2012-11-09 11:35:50 771096 ----a-w- C:\windows\System32\drivers\mfehidk.sys
    2012-11-09 11:34:58 515528 ----a-w- C:\windows\System32\drivers\mfefirek.sys
    2012-11-09 11:34:18 309400 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
    2012-11-09 11:33:58 178840 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
    2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-10-25 08:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 20:50:51.72 ===============

    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.5)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Security Toolbar
    Bid Whist Challenge
    Bid Whist Challenge (C:\Program Files (x86)\Bid Whist Challenge\)
    Bonjour
    Browser Guard 4.0
    Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide
    Canon Utilities CameraWindow DC 8
    Canon Utilities ImageBrowser EX
    Canon Utilities PhotoStitch
    CDDRV_Installer
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Corel Paint Shop Pro Photo XI
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Education Portal
    erLT
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP Officejet 6500 E710a-f Basic Device Software
    HP Officejet 6500 E710a-f Help
    HP Officejet 6500 E710a-f Product Improvement Study
    HP Update
    I.R.I.S. OCR
    iCloud
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel® Trusted Connect Service Client
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Junk Mail filter update
    KhalInstallWrapper
    Lenovo Blacksilk USB Keyboard Driver
    Lenovo Driver and Application Installation
    Lenovo Power2Go
    Lenovo Rescue System
    Logitech SetPoint
    LVT
    Malwarebytes Anti-Malware version 1.70.0.1100
    Marketsplash Print Software
    Marketsplash Shortcuts
    McAfee Security Scan Plus
    McAfee SecurityCenter
    McAfee Virtual Technician
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PC Speed Maximizer v3.0
    PC Tools Spyware Doctor 9.1
    QuickTime
    Rapidboot Advanced
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    REALTEK Wireless LAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Shared C Run-time for x64
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile Device Updater Component
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== End Of File ===========================

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-22 20:55:49
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC66 931.51GB
    Running: i6rm0owj.exe; Driver: C:\Users\kat\AppData\Local\Temp\uwldqpow.sys

    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1820] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3116] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x2b000a]}
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x53000a]}
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\windows\SysWOW64\rundll32.exe[3312] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe[3860] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x46000a]}
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4488] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x464000a]}
    .text C:\Windows\jmesoft\hotkey.exe[4672] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x42000a]}
    .text C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe[2248] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x1cf000a]}
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x220000a]}
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe[2612] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe[912] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x1ed000a]}
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[1660] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x5b000a]}
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x2d1000a]}
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6044] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x42000a]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x228000a]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5228] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x56000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x1ff000a]}
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[10516] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\kernel32.dll!GetProcAddress 0000000075e91222 6 bytes {JMP QWORD [RIP+0x719e001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\kernel32.dll!WriteFile 0000000075e91282 6 bytes {JMP QWORD [RIP+0x719b001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\kernel32.dll!CloseHandle 0000000075e91410 6 bytes {JMP QWORD [RIP+0x7198001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075e948fb 6 bytes {JMP QWORD [RIP+0x71a4001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075e94913 6 bytes {JMP QWORD [RIP+0x71a7001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075e94945 6 bytes {JMP QWORD [RIP+0x71a1001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\kernel32.dll!LoadLibraryA 0000000075e949bf 6 bytes {JMP QWORD [RIP+0x71ad001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075ea9ab4 6 bytes {JMP QWORD [RIP+0x7195001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076922c91 4 bytes {CALL QWORD [RIP+0x2ff000a]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!DrawTextExW 0000000075ab149e 5 bytes JMP 00000001041a031f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!DrawTextW 0000000075ab25cf 5 bytes JMP 00000001041a015d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075ab2da4 5 bytes JMP 0000000166e89eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!DrawTextA 0000000075abaea1 5 bytes JMP 00000001041a0082
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!DrawTextExA 0000000075abaed8 5 bytes JMP 00000001041a0238
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075accbf3 5 bytes JMP 0000000166fd8fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!DialogBoxParamW 0000000075accfca 5 bytes JMP 000000010419ed8f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075ae8e57 5 bytes JMP 000000010419fdd3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!DialogBoxParamA 0000000075aecb0c 5 bytes JMP 0000000166fd8f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075aece64 5 bytes JMP 0000000166fd901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075affbd1 5 bytes JMP 0000000166fd8ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075affc9d 5 bytes JMP 0000000166fd8e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!MessageBoxExA 0000000075affcd6 5 bytes JMP 0000000166fd8dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\USER32.dll!MessageBoxExW 0000000075affcfa 5 bytes JMP 0000000166fd8d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\GDI32.dll!ExtTextOutW 0000000076638b7a 5 bytes JMP 00000001041a04ea
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\GDI32.dll!GetGlyphIndicesW 0000000076639963 5 bytes JMP 00000001041a0977
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\GDI32.dll!TextOutW 000000007663d41c 5 bytes JMP 000000010419ffb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\GDI32.dll!ExtTextOutA 000000007663dce4 5 bytes JMP 00000001041a0406
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\GDI32.dll!TextOutA 000000007663eda3 5 bytes JMP 000000010419feea
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\GDI32.dll!GetGlyphIndicesA 0000000076658dbd 5 bytes JMP 00000001041a08aa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076d293ec 5 bytes JMP 0000000166fd91d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WININET.dll!InternetCloseHandle 0000000075d6c664 5 bytes JMP 000000010419eefd
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WININET.dll!InternetCrackUrlW 0000000075d93059 5 bytes JMP 00000001041a0d86
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075d95fef 5 bytes JMP 000000010419ee5a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WININET.dll!HttpSendRequestW 0000000075d9632d 5 bytes JMP 00000001041a100e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076021401 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076021419 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076021431 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007602144a 2 bytes [02, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760214dd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760214f5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007602150d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076021525 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007602153d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076021555 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007602156d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076021585 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007602159d 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760215b5 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760215cd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760216b2 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760216bd 2 bytes [02, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000074a9388e 5 bytes JMP 0000000166fd9080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000074b37922 5 bytes JMP 0000000166fd9128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076822694 5 bytes JMP 0000000166fd93c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!closesocket 0000000076d53918 5 bytes JMP 000000010419fd2c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d54296 5 bytes JMP 000000010419e8fb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!WSASend 0000000076d54406 5 bytes JMP 000000010419f9f4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d54889 5 bytes JMP 000000010419e9db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!recv 0000000076d56b0e 5 bytes JMP 000000010419f946
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!send 0000000076d56f01 5 bytes JMP 000000010419f8a1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!WSARecv 0000000076d57089 5 bytes JMP 000000010419fac8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!WSAAsyncGetHostByName 0000000076d6726a 5 bytes JMP 000000010419ecb0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3888] C:\windows\syswow64\WS2_32.dll!gethostbyname 0000000076d67673 5 bytes JMP 000000010419e83a
    ? C:\windows\system32\mssprxy.dll [3888] entry point in ".rdata" section 0000000074d571e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11012] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000777325fd 6 bytes JMP 0000000166ea8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11012] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077742a63 6 bytes JMP 0000000166e49805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11012] C:\windows\syswow64\kernel32.dll!GetProcAddress 0000000075e91222 6 bytes {JMP QWORD [RIP+0x719e001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11012] C:\windows\syswow64\kernel32.dll!WriteFile 0000000075e91282 6 bytes {JMP QWORD [RIP+0x719b001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11012] C:\windows\syswow64\kernel32.dll!CloseHandle 0000000075e91410 6 bytes {JMP QWORD [RIP+0x7198001e]}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11012] C:\windows\syswow64\kernel32.dll!CreateThread 0000000075e934b5 5 bytes JMP 0000000166e475db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11012] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075e948fb 6 bytes {JMP QWORD [RIP+0x71a4001e]}
    ---- Processes - GMER 2.0 ----
    Library ? (*** suspicious ***) @ C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [5304] 0000000073090000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [8568] 0000000061280000
    ---- EOF - GMER 2.0 ----
     
  2. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hello there.

    My name is [Jimbo] and I will be helping you.
    Please give me some time to look over your computer's log(s).

    You may want to keep the link to this topic in your favourites. Alternatively, you can visit this website and check through your account.

    Please take note of the following guidelines in the meantime:

    • In the meantime, please refrain from making any changes to your computer.
    • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

    Regards Jimbo.
     
  3. katsim57

    katsim57 Thread Starter

    Joined:
    Apr 21, 2010
    Messages:
    159
    Thanks! I did remove malware (the trial expired).
     
  4. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi there. You said you removed the malware with what software? Also, you mentioned the trial expired; can you please elaborate?

    For now I want you to carry out the following instructions please.

    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by double-clicking on it.
    • Press Start Scan
    • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
    Please post the log for TDSS in your next reply.
     
  5. katsim57

    katsim57 Thread Starter

    Joined:
    Apr 21, 2010
    Messages:
    159
    I had downloaded a trial version of the Anti-Malware program; the trial expired a few days ago. It didn't help with this virus, so I didn't want to purchase the full version.

    17:12:10.0643 1468 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    17:12:11.0407 1468 ============================================================
    17:12:11.0407 1468 Current date / time: 2013/01/24 17:12:11.0407
    17:12:11.0407 1468 SystemInfo:
    17:12:11.0407 1468
    17:12:11.0407 1468 OS Version: 6.1.7601 ServicePack: 1.0
    17:12:11.0407 1468 Product type: Workstation
    17:12:11.0407 1468 ComputerName: KAT-PC
    17:12:11.0407 1468 UserName: kat
    17:12:11.0407 1468 Windows directory: C:\windows
    17:12:11.0407 1468 System windows directory: C:\windows
    17:12:11.0407 1468 Running under WOW64
    17:12:11.0407 1468 Processor architecture: Intel x64
    17:12:11.0407 1468 Number of processors: 4
    17:12:11.0407 1468 Page size: 0x1000
    17:12:11.0407 1468 Boot type: Normal boot
    17:12:11.0407 1468 ============================================================
    17:12:11.0844 1468 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:12:11.0844 1468 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:12:11.0860 1468 ============================================================
    17:12:11.0860 1468 \Device\Harddisk0\DR0:
    17:12:11.0860 1468 MBR partitions:
    17:12:11.0860 1468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:12:11.0860 1468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
    17:12:11.0860 1468 \Device\Harddisk1\DR1:
    17:12:11.0860 1468 MBR partitions:
    17:12:11.0860 1468 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
    17:12:11.0860 1468 ============================================================
    17:12:11.0875 1468 C: <-> \Device\Harddisk0\DR0\Partition2
    17:12:11.0922 1468 E: <-> \Device\Harddisk1\DR1\Partition1
    17:12:11.0922 1468 ============================================================
    17:12:11.0922 1468 Initialize success
    17:12:11.0922 1468 ============================================================
    17:12:13.0997 8864 ============================================================
    17:12:13.0997 8864 Scan started
    17:12:13.0997 8864 Mode: Manual;
    17:12:13.0997 8864 ============================================================
    17:12:14.0543 8864 ================ Scan system memory ========================
    17:12:14.0543 8864 System memory - ok
    17:12:14.0543 8864 ================ Scan services =============================


    17:12:15.0666 8864 AsyncMac - ok

    17:12:15.0666 8864 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

    17:12:15.0682 8864 atapi - ok

    17:12:15.0760 8864 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys

    17:12:15.0838 8864 atikmdag - ok

    17:12:15.0869 8864 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

    17:12:15.0900 8864 AudioEndpointBuilder - ok

    17:12:15.0916 8864 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

    17:12:15.0916 8864 AudioSrv - ok

    17:12:15.0947 8864 [ BFD698CC6E1DE2E0D23155DECC513D2F ] avgtp C:\windows\system32\drivers\avgtpx64.sys

    17:12:15.0994 8864 avgtp - ok

    17:12:16.0025 8864 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

    17:12:16.0040 8864 AxInstSV - ok

    17:12:16.0072 8864 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

    17:12:16.0072 8864 b06bdrv - ok

    17:12:16.0087 8864 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

    17:12:16.0087 8864 b57nd60a - ok

    17:12:16.0103 8864 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

    17:12:16.0118 8864 BDESVC - ok

    17:12:16.0134 8864 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

    17:12:16.0150 8864 Beep - ok

    17:12:16.0181 8864 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

    17:12:16.0196 8864 BFE - ok

    17:12:16.0228 8864 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

    17:12:16.0228 8864 BITS - ok

    17:12:16.0243 8864 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

    17:12:16.0243 8864 blbdrive - ok

    17:12:16.0290 8864 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    17:12:16.0306 8864 Bonjour Service - ok

    17:12:16.0306 8864 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

    17:12:16.0321 8864 bowser - ok

    17:12:16.0321 8864 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

    17:12:16.0321 8864 BrFiltLo - ok

    17:12:16.0337 8864 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

    17:12:16.0337 8864 BrFiltUp - ok

    17:12:16.0352 8864 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

    17:12:16.0384 8864 Browser - ok

    17:12:16.0415 8864 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

    17:12:16.0430 8864 Brserid - ok

    17:12:16.0430 8864 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

    17:12:16.0430 8864 BrSerWdm - ok

    17:12:16.0446 8864 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

    17:12:16.0446 8864 BrUsbMdm - ok

    17:12:16.0446 8864 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

    17:12:16.0446 8864 BrUsbSer - ok

    17:12:16.0446 8864 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

    17:12:16.0462 8864 BTHMODEM - ok

    17:12:16.0477 8864 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

    17:12:16.0493 8864 bthserv - ok

    17:12:16.0493 8864 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

    17:12:16.0508 8864 cdfs - ok

    17:12:16.0508 8864 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

    17:12:16.0540 8864 cdrom - ok

    17:12:16.0586 8864 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

    17:12:16.0618 8864 CertPropSvc - ok

    17:12:16.0680 8864 [ A73276435F75025DA6E67B2470E1FE16 ] cfwids C:\windows\system32\drivers\cfwids.sys

    17:12:16.0742 8864 cfwids - ok

    17:12:16.0758 8864 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

    17:12:16.0758 8864 circlass - ok

    17:12:16.0789 8864 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

    17:12:16.0789 8864 CLFS - ok

    17:12:16.0836 8864 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    17:12:16.0852 8864 clr_optimization_v2.0.50727_32 - ok

    17:12:16.0867 8864 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    17:12:16.0867 8864 clr_optimization_v2.0.50727_64 - ok

    17:12:16.0914 8864 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    17:12:16.0914 8864 clr_optimization_v4.0.30319_32 - ok

    17:12:16.0930 8864 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    17:12:16.0930 8864 clr_optimization_v4.0.30319_64 - ok

    17:12:16.0945 8864 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys

    17:12:16.0945 8864 CmBatt - ok

    17:12:16.0945 8864 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

    17:12:16.0945 8864 cmdide - ok

    17:12:16.0976 8864 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys

    17:12:16.0976 8864 CNG - ok

    17:12:16.0992 8864 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys

    17:12:16.0992 8864 Compbatt - ok

    17:12:17.0008 8864 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

    17:12:17.0039 8864 CompositeBus - ok

    17:12:17.0039 8864 COMSysApp - ok

    17:12:17.0086 8864 [ A0050420B91E097C178DFC3C0598F67B ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe

    17:12:17.0132 8864 cphs - ok

    17:12:17.0132 8864 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

    17:12:17.0148 8864 crcdisk - ok

    17:12:17.0179 8864 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll

    17:12:17.0195 8864 CryptSvc - ok

    17:12:17.0226 8864 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

    17:12:17.0242 8864 DcomLaunch - ok

    17:12:17.0273 8864 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

    17:12:17.0273 8864 defragsvc - ok

    17:12:17.0288 8864 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

    17:12:17.0288 8864 DfsC - ok

    17:12:17.0304 8864 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

    17:12:17.0335 8864 Dhcp - ok

    17:12:17.0382 8864 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

    17:12:17.0382 8864 discache - ok

    17:12:17.0398 8864 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

    17:12:17.0398 8864 Disk - ok

    17:12:17.0413 8864 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

    17:12:17.0460 8864 Dnscache - ok

    17:12:17.0476 8864 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

    17:12:17.0491 8864 dot3svc - ok

    17:12:17.0507 8864 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

    17:12:17.0507 8864 DPS - ok

    17:12:17.0538 8864 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

    17:12:17.0538 8864 drmkaud - ok

    17:12:17.0554 8864 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

    17:12:17.0600 8864 DXGKrnl - ok

    17:12:17.0616 8864 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

    17:12:17.0616 8864 EapHost - ok

    17:12:17.0678 8864 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

    17:12:17.0725 8864 ebdrv - ok

    17:12:17.0741 8864 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

    17:12:17.0772 8864 EFS - ok

    17:12:17.0819 8864 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

    17:12:17.0834 8864 ehRecvr - ok

    17:12:17.0850 8864 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

    17:12:17.0850 8864 ehSched - ok

    17:12:17.0866 8864 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

    17:12:17.0881 8864 elxstor - ok

    17:12:17.0897 8864 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

    17:12:17.0897 8864 ErrDev - ok

    17:12:17.0928 8864 esgiguard - ok

    17:12:17.0959 8864 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

    17:12:17.0959 8864 EventSystem - ok

    17:12:17.0975 8864 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

    17:12:17.0990 8864 exfat - ok

    17:12:18.0006 8864 [ 86A1CE37C4BE57FE1D064424C3715361 ] Fastboot C:\windows\system32\DRIVERS\Fastboot.sys

    17:12:18.0006 8864 Fastboot - ok

    17:12:18.0053 8864 [ D2AAD045C465FB33F791F89923CA22AF ] FastbootService C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe

    17:12:18.0053 8864 FastbootService - ok

    17:12:18.0068 8864 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

    17:12:18.0084 8864 fastfat - ok

    17:12:18.0115 8864 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

    17:12:18.0162 8864 Fax - ok

    17:12:18.0178 8864 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

    17:12:18.0178 8864 fdc - ok

    17:12:18.0193 8864 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

    17:12:18.0193 8864 fdPHost - ok

    17:12:18.0209 8864 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

    17:12:18.0209 8864 FDResPub - ok

    17:12:18.0240 8864 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

    17:12:18.0240 8864 FileInfo - ok

    17:12:18.0240 8864 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

    17:12:18.0240 8864 Filetrace - ok

    17:12:18.0271 8864 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

    17:12:18.0271 8864 flpydisk - ok

    17:12:18.0287 8864 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

    17:12:18.0287 8864 FltMgr - ok

    17:12:18.0318 8864 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

    17:12:18.0349 8864 FontCache - ok

    17:12:18.0380 8864 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    17:12:18.0427 8864 FontCache3.0.0.0 - ok

    17:12:18.0443 8864 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

    17:12:18.0443 8864 FsDepends - ok

    17:12:18.0458 8864 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

    17:12:18.0490 8864 Fs_Rec - ok

    17:12:18.0505 8864 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

    17:12:18.0505 8864 fvevol - ok

    17:12:18.0521 8864 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

    17:12:18.0521 8864 gagp30kx - ok

    17:12:18.0552 8864 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

    17:12:18.0614 8864 GEARAspiWDM - ok

    17:12:18.0630 8864 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

    17:12:18.0661 8864 gpsvc - ok

    17:12:18.0692 8864 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    17:12:18.0708 8864 gupdate - ok

    17:12:18.0708 8864 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    17:12:18.0708 8864 gupdatem - ok

    17:12:18.0739 8864 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    17:12:18.0739 8864 gusvc - ok

    17:12:18.0755 8864 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

    17:12:18.0755 8864 hcw85cir - ok

    17:12:18.0770 8864 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

    17:12:18.0817 8864 HdAudAddService - ok

    17:12:18.0833 8864 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

    17:12:18.0833 8864 HDAudBus - ok

    17:12:18.0833 8864 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

    17:12:18.0833 8864 HidBatt - ok

    17:12:18.0833 8864 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

    17:12:18.0848 8864 HidBth - ok

    17:12:18.0848 8864 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

    17:12:18.0864 8864 HidIr - ok

    17:12:18.0864 8864 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

    17:12:18.0864 8864 hidserv - ok

    17:12:18.0911 8864 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

    17:12:18.0958 8864 HidUsb - ok

    17:12:18.0989 8864 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\windows\system32\drivers\HipShieldK.sys

    17:12:19.0036 8864 HipShieldK - ok

    17:12:19.0051 8864 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

    17:12:19.0067 8864 hkmsvc - ok

    17:12:19.0082 8864 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

    17:12:19.0114 8864 HomeGroupListener - ok

    17:12:19.0114 8864 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

    17:12:19.0145 8864 HomeGroupProvider - ok

    17:12:19.0145 8864 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

    17:12:19.0176 8864 HpSAMD - ok

    17:12:19.0223 8864 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

    17:12:19.0254 8864 HTTP - ok

    17:12:19.0254 8864 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

    17:12:19.0254 8864 hwpolicy - ok

    17:12:19.0270 8864 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys

    17:12:19.0270 8864 i8042prt - ok

    17:12:19.0285 8864 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

    17:12:19.0301 8864 iaStor - ok

    17:12:19.0316 8864 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    17:12:19.0316 8864 IAStorDataMgrSvc - ok

    17:12:19.0332 8864 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

    17:12:19.0394 8864 iaStorV - ok

    17:12:19.0426 8864 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    17:12:19.0488 8864 idsvc - ok

    17:12:19.0691 8864 [ 0638D16029B1C800908D965AC78970C7 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

    17:12:19.0925 8864 igfx - ok

    17:12:19.0940 8864 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

    17:12:19.0940 8864 iirsp - ok

    17:12:19.0972 8864 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

    17:12:20.0003 8864 IKEEXT - ok

    17:12:20.0081 8864 [ 651972B4061F940DC154C6F7B948B76A ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

    17:12:20.0174 8864 IntcAzAudAddService - ok

    17:12:20.0206 8864 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

    17:12:20.0237 8864 IntcDAud - ok

    17:12:20.0284 8864 [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

    17:12:20.0284 8864 Intel(R) Capability Licensing Service Interface - ok

    17:12:20.0299 8864 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

    17:12:20.0299 8864 intelide - ok

    17:12:20.0330 8864 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

    17:12:20.0330 8864 intelppm - ok

    17:12:20.0362 8864 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

    17:12:20.0362 8864 IPBusEnum - ok

    17:12:20.0362 8864 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

    17:12:20.0424 8864 IpFilterDriver - ok

    17:12:20.0455 8864 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

    17:12:20.0518 8864 iphlpsvc - ok

    17:12:20.0533 8864 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

    17:12:20.0564 8864 IPMIDRV - ok

    17:12:20.0564 8864 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

    17:12:20.0564 8864 IPNAT - ok

    17:12:20.0627 8864 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

    17:12:20.0627 8864 iPod Service - ok

    17:12:20.0642 8864 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

    17:12:20.0658 8864 IRENUM - ok

    17:12:20.0674 8864 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

    17:12:20.0674 8864 isapnp - ok

    17:12:20.0689 8864 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

    17:12:20.0752 8864 iScsiPrt - ok

    17:12:20.0798 8864 [ 3628933AF5305EAB8173949BFF912F04 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    17:12:20.0798 8864 jhi_service - ok

    17:12:20.0830 8864 [ 1DED0D0AA513E2A5862B20A520D3A1E1 ] JME Keyboard C:\Windows\jmesoft\Service.exe

    17:12:20.0876 8864 JME Keyboard - ok

    17:12:20.0908 8864 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

    17:12:20.0908 8864 kbdclass - ok

    17:12:20.0923 8864 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

    17:12:20.0954 8864 kbdhid - ok

    17:12:20.0970 8864 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

    17:12:20.0970 8864 KeyIso - ok

    17:12:20.0986 8864 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

    17:12:21.0001 8864 KSecDD - ok

    17:12:21.0001 8864 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

    17:12:21.0017 8864 KSecPkg - ok

    17:12:21.0017 8864 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

    17:12:21.0032 8864 ksthunk - ok

    17:12:21.0032 8864 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

    17:12:21.0048 8864 KtmRm - ok

    17:12:21.0079 8864 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

    17:12:21.0126 8864 LanmanServer - ok

    17:12:21.0157 8864 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

    17:12:21.0173 8864 LanmanWorkstation - ok

    17:12:21.0235 8864 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    17:12:21.0298 8864 LBTServ - ok

    17:12:21.0313 8864 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\windows\system32\DRIVERS\LHidFilt.Sys

    17:12:21.0344 8864 LHidFilt - ok

    17:12:21.0360 8864 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

    17:12:21.0360 8864 lltdio - ok

    17:12:21.0376 8864 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

    17:12:21.0391 8864 lltdsvc - ok

    17:12:21.0407 8864 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

    17:12:21.0407 8864 lmhosts - ok

    17:12:21.0422 8864 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\windows\system32\DRIVERS\LMouFilt.Sys

    17:12:21.0454 8864 LMouFilt - ok

    17:12:21.0485 8864 [ BF22ACF4CF3734D61357E67F0521BC03 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    17:12:21.0485 8864 LMS - ok

    17:12:21.0500 8864 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

    17:12:21.0500 8864 LSI_FC - ok

    17:12:21.0516 8864 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

    17:12:21.0516 8864 LSI_SAS - ok

    17:12:21.0516 8864 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

    17:12:21.0516 8864 LSI_SAS2 - ok

    17:12:21.0532 8864 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

    17:12:21.0547 8864 LSI_SCSI - ok

    17:12:21.0547 8864 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

    17:12:21.0547 8864 luafv - ok

    17:12:21.0594 8864 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    17:12:21.0594 8864 McAfee SiteAdvisor Service - ok

    17:12:21.0625 8864 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe

    17:12:21.0641 8864 McComponentHostService - ok

    17:12:21.0656 8864 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    17:12:21.0656 8864 McMPFSvc - ok

    17:12:21.0688 8864 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    17:12:21.0688 8864 mcmscsvc - ok

    17:12:21.0688 8864 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    17:12:21.0703 8864 McNaiAnn - ok

    17:12:21.0719 8864 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    17:12:21.0719 8864 McNASvc - ok

    17:12:21.0766 8864 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

    17:12:21.0781 8864 McODS - ok

    17:12:21.0781 8864 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

    17:12:21.0781 8864 McProxy - ok

    17:12:21.0828 8864 [ 23EA22ACADD66D7F1E18A4AA72BE6158 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

    17:12:21.0828 8864 McShield - ok

    17:12:21.0859 8864 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

    17:12:21.0906 8864 Mcx2Svc - ok

    17:12:21.0922 8864 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

    17:12:21.0922 8864 megasas - ok

    17:12:21.0922 8864 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

    17:12:21.0937 8864 MegaSR - ok

    17:12:21.0953 8864 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

    17:12:21.0984 8864 MEIx64 - ok

    17:12:22.0000 8864 [ 19323081FA4018C9C1AEBF08114BEA11 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys

    17:12:22.0031 8864 mfeapfk - ok

    17:12:22.0046 8864 [ EF1D39A70CAD1B7BEDC220480F26815C ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys

    17:12:22.0093 8864 mfeavfk - ok

    17:12:22.0093 8864 mfeavfk01 - ok

    17:12:22.0124 8864 [ 3CBBB569730EFD069B4BD253DDD4AD58 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    17:12:22.0124 8864 mfefire - ok

    17:12:22.0140 8864 [ 67972BFC8F23054BD23E1DE1450E40BD ] mfefirek C:\windows\system32\drivers\mfefirek.sys

    17:12:22.0187 8864 mfefirek - ok

    17:12:22.0202 8864 [ 5C0EE849C03C37071FABDAA6B58D3D94 ] mfehidk C:\windows\system32\drivers\mfehidk.sys

    17:12:22.0218 8864 mfehidk - ok

    17:12:22.0234 8864 [ 450B77CAC7384A9C1BAF476AC302CD4C ] mferkdet C:\windows\system32\drivers\mferkdet.sys

    17:12:22.0265 8864 mferkdet - ok

    17:12:22.0280 8864 [ 74CE2EBE64AB78904E33DD4C5F21611F ] mfevtp C:\windows\system32\mfevtps.exe

    17:12:22.0280 8864 mfevtp - ok

    17:12:22.0296 8864 [ F55F9742BFA88D02F96516B80AB400EC ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys

    17:12:22.0296 8864 mfewfpk - ok

    17:12:22.0327 8864 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

    17:12:22.0327 8864 MMCSS - ok

    17:12:22.0343 8864 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

    17:12:22.0343 8864 Modem - ok

    17:12:22.0358 8864 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

    17:12:22.0358 8864 monitor - ok

    17:12:22.0374 8864 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

    17:12:22.0374 8864 mouclass - ok

    17:12:22.0390 8864 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

    17:12:22.0405 8864 mouhid - ok

    17:12:22.0405 8864 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

    17:12:22.0405 8864 mountmgr - ok

    17:12:22.0421 8864 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

    17:12:22.0468 8864 mpio - ok

    17:12:22.0468 8864 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

    17:12:22.0483 8864 mpsdrv - ok

    17:12:22.0499 8864 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

    17:12:22.0499 8864 MpsSvc - ok

    17:12:22.0514 8864 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

    17:12:22.0546 8864 MRxDAV - ok

    17:12:22.0561 8864 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

    17:12:22.0561 8864 mrxsmb - ok

    17:12:22.0577 8864 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

    17:12:22.0577 8864 mrxsmb10 - ok

    17:12:22.0592 8864 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

    17:12:22.0592 8864 mrxsmb20 - ok

    17:12:22.0592 8864 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

    17:12:22.0592 8864 msahci - ok

    17:12:22.0608 8864 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

    17:12:22.0655 8864 msdsm - ok

    17:12:22.0655 8864 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

    17:12:22.0670 8864 MSDTC - ok

    17:12:22.0702 8864 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

    17:12:22.0702 8864 Msfs - ok

    17:12:22.0717 8864 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

    17:12:22.0733 8864 mshidkmdf - ok

    17:12:22.0733 8864 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

    17:12:22.0733 8864 msisadrv - ok

    17:12:22.0764 8864 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

    17:12:22.0764 8864 MSiSCSI - ok

    17:12:22.0764 8864 msiserver - ok

    17:12:22.0780 8864 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

    17:12:30.0424 8864 ============================================================

    17:12:30.0424 8864 Scan finished

    17:12:30.0424 8864 ============================================================

    17:12:30.0439 3224 Detected object count: 0

    17:12:30.0439 3224 Actual detected object count: 0
     
  6. katsim57

    katsim57 Thread Starter

    Joined:
    Apr 21, 2010
    Messages:
    159
    **I removed the Anti-Malware program through the Control Panel - Add/Remove Programs.
     
  7. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi there. Sorry for the delay.

    • Close every program so you are displayed with the Desktop
    • Right click in an empty area in your Desktop and choose New Text Document
    • Open the Text Document and paste the following:
      Code:
      @echo off
      rem Set the WMI service (winmgmt) to start automatically, then start it
      sc config winmgmt start= auto
      sc start winmgmt
      rem Delete this batch file once it has run
      del %0
    • Click File, Save As; in the file name box call it start.bat and save it to your Desktop.
    • Run the file by double clicking it on your desktop and after you have run it, delete the file.
    Next

    Download ComboFix from this location:

    Link 1



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

    *Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
     
  8. katsim57

    katsim57 Thread Starter

    Joined:
    Apr 21, 2010
    Messages:
    159
    ComboFix 13-01-27.03 - kat 01/27/2013 14:12:12.1.4 - x64
    Running from: c:\users\kat\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\kat\AppData\Roaming\cipher3.dll
    c:\users\kat\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-27 to 2013-01-27 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-27 19:16 . 2013-01-27 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-23 02:39 . 2013-01-23 02:39 -------- d-----w- c:\programdata\Ask
    2013-01-23 02:14 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-23 01:31 . 2013-01-23 01:31 -------- d-----w- c:\program files (x86)\PC Tools
    2013-01-23 01:28 . 2013-01-23 02:43 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2013-01-23 01:28 . 2012-11-01 20:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2013-01-23 01:27 . 2013-01-23 02:42 -------- d-----w- c:\programdata\PC Tools
    2013-01-23 01:27 . 2013-01-23 01:27 -------- d-----w- c:\users\kat\AppData\Roaming\TestApp
    2013-01-15 02:12 . 2013-01-15 02:12 -------- d-----w- c:\users\kat\AppData\Roaming\CANON INC
    2013-01-15 00:54 . 2013-01-15 00:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-01-15 00:53 . 2013-01-15 00:53 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-01-15 00:53 . 2013-01-15 00:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-01-15 00:53 . 2013-01-15 00:53 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-01-09 11:01 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-02 23:43 . 2013-01-02 23:43 -------- d-----w- c:\users\kat\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-02 23:43 . 2013-01-02 23:43 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-01-02 23:43 . 2013-01-02 23:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-01-02 20:34 . 2013-01-02 20:34 -------- d-----w- c:\users\kat\AppData\Roaming\Malwarebytes
    2013-01-02 20:34 . 2013-01-02 20:34 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-02 20:29 . 2013-01-02 20:29 -------- d-----w- c:\users\kat\AppData\Local\AVG Secure Search
    2013-01-02 20:29 . 2013-01-02 20:29 -------- d-----w- c:\programdata\AVG Secure Search
    2013-01-02 20:29 . 2013-01-02 20:29 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-01-02 20:29 . 2013-01-02 20:29 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2013-01-02 20:29 . 2013-01-03 21:34 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2013-01-02 20:29 . 2013-01-06 21:14 -------- d-----w- c:\users\kat\AppData\Roaming\Nico Mak Computing
    2013-01-02 20:29 . 2012-02-08 15:29 18760 ----a-w- c:\windows\system32\roboot64.exe
    2013-01-02 20:03 . 2013-01-02 20:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-02 20:03 . 2013-01-06 03:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-01-02 20:03 . 2013-01-02 20:03 -------- d-----w- c:\users\kat\AppData\Local\Programs
    2013-01-02 19:39 . 2013-01-02 19:39 -------- d-----w- c:\program files\Enigma Software Group
    2013-01-02 19:39 . 2013-01-02 20:24 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2013-01-02 19:38 . 2013-01-02 19:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-12-28 23:52 . 2012-12-28 23:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-28 23:36 . 2012-12-28 23:57 -------- d-----w- c:\users\kat\AppData\Roaming\redsn0w
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-10 08:03 . 2012-09-11 00:49 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-08 19:16 . 2012-10-11 16:33 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-08 19:16 . 2012-10-11 16:33 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-26 14:55 . 2012-12-17 05:00 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-12-26 14:52 . 2011-03-13 18:20 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-12-26 14:52 . 2012-04-25 00:04 182312 ----a-w- c:\windows\system32\mfevtps.exe
    2012-12-26 14:51 . 2012-12-17 05:00 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-12-26 14:51 . 2012-12-17 05:00 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-12-26 14:50 . 2011-03-13 18:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-12-26 14:49 . 2012-12-17 05:00 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-12-26 14:49 . 2012-12-17 05:00 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-12-26 14:48 . 2012-07-17 19:48 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-12-16 17:11 . 2012-12-21 08:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 08:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-11-30 04:45 . 2013-01-09 11:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-14 07:06 . 2012-12-13 08:00 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-13 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-13 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-13 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-13 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-13 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-13 08:00 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-13 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-13 08:00 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-13 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-13 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-13 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-13 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-13 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-13 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-13 08:00 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-13 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-13 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-13 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-13 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-13 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-13 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-12 21:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 21:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-02 05:59 . 2012-12-12 21:02 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 21:02 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
     
  9. katsim57

    katsim57 Thread Starter

    Joined:
    Apr 21, 2010
    Messages:
    159
    Should I turn my virus protection back on now?

    Thanks for all the hard work!
     
  10. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Yes you can turn it on.
     
  11. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi

    Sorry for the delay.

    Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.
     
  12. katsim57

    katsim57 Thread Starter

    Joined:
    Apr 21, 2010
    Messages:
    159
    My computer won't let me save it to the flash. Is it because my virus protection is on? Should I turn it off?
     
  13. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    You could try that and see if that will allow you to do it, or perhaps save it in My Documents and then copy it over.
     
  14. jimbo100

    jimbo100 Malware Trainee

    Joined:
    Jul 1, 2011
    Messages:
    185
    Hi. Sorry for the delay.
    • Please download Farbar Service Scanner and save it to your desktop.
    • Make sure only the following option is checked:
      Internet Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run (which should be on the desktop.)
    In your next reply, please post the log.
     
  15. katsim57

    katsim57 Thread Starter

    Joined:
    Apr 21, 2010
    Messages:
    159
    Farbar Service Scanner Version: 30-01-2013
    Ran by kat (administrator) on 03-02-2013 at 18:34:55
    Running from "C:\Users\kat\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
Short URL to this thread: https://techguy.org/1086472
