
System 32 Services.exe problems

Discussion in 'Virus & Other Malware Removal' started by colorsflashn, Jan 31, 2013.

  1. colorsflashn

    colorsflashn Thread Starter

    Hi Folks,

    My husband's computer has been acting up while searching the web in RockMelt browser. We have seen several threads with very similar issues as he is having. Followed the actions the best we could thus far, however, we noted the fixes there were for that particular user so...

    After Malwarebytes identified some threats he ran AdwCleaner. I believe it updated when he ran it and he said due to the update it fixed/deleted some items. A log is attached.

    While downloading HiJackThis he encountered a message that it may not have run correctly due to something about the System denied Host.file. A log file was created and attached.

    He followed the link to DDS @ BleepingComputer. However, he said the logs never appeared on the desktop. He tried 4 times. It never created the dds.txt or attach.txt files.

    Also attached is the TDSSKiller log. As well as the MALPC log file of system specs if needed.

    Thanks very much for any assistance.

    PS Any advice on getting DDS to run and create the logs needed? Maybe the Norton blocking?
     
  2. colorsflashn

    colorsflashn Thread Starter

    Sorry for not sharing the logs correctly earlier. A long day at work as it is end of month...:)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:13:01 PM, on 1/31/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files (x86)\ASUS\EPU\EPU.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Users\S&M Productions\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.1.22\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.1.22\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.1.22\coIEPlg.dll
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
    O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
    O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\S&M Productions\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
    O4 - Global Startup: Amazon Unbox.lnk = ?
    O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
    O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SetupARService - Realtek Semiconductor. - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10424 bytes

    ark.txt file:


    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-31 14:26:35
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX4 rev.1.5 119.24GB
    Running: b2192o5s.exe; Driver: C:\Users\S&MPRO~1\AppData\Local\Temp\uwdoypow.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 00000001000a091c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 00000001000a0048
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001000a02ee
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001000a04b2
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001000a09fe
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 00000001000a0ae0
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 00000001000a012a
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 00000001000a0758
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 00000001000a0676
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001000a03d0
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 00000001000a0594
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 00000001000a083a
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 00000001000a020c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 00000001000b059e
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 00000001000a0f52
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 00000001000b0210
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 00000001000b0048
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a47a9d1}
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 00000001000a0ca6
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001000b03d8
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 00000001000b012c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001000b02f4
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1820] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 00000001000a0e6e
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010024091c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100240048
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002402ee
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002404b2
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002409fe
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100240ae0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010024012a
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100240758
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100240676
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002403d0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100240594
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010024083a
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010024020c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100240f52
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100250210
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100250048
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a61a9d1}
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100240ca6
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001002503d8
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010025012c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001002502f4
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100240e6e
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[1864] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010025059e
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 3 bytes JMP 000000010018091c
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007717fc94 1 byte [89]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 3 bytes JMP 0000000100180048
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 4 000000007717fdf8 1 byte [89]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 3 bytes JMP 00000001001802ee
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent + 4 000000007717fe8c 1 byte [89]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 3 bytes JMP 00000001001804b2
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007717ffe8 1 byte [89]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 3 bytes JMP 00000001001809fe
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 4 000000007718001c 1 byte [89]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 3 bytes JMP 0000000100180ae0
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 4 000000007718004c 1 byte [89]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010018012a
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100180758
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100180676
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001001803d0
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100180594
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010018083a
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010018020c
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100180f52
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100190210
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100190048
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a55a9d1}
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100180ca6
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001001903d8
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010019012c
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001001902f4
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100180e6e
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1956] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010019059e
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010024091c
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100240048
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002402ee
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002404b2
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002409fe
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100240ae0
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010024012a
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100240758
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100240676
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002403d0
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100240594
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010024083a
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010024020c
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 00000001002504bc
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100240f52
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100250210
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100250048
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a61a9d1}
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100240ca6
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001002503d8
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010025012c
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001002502f4
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe[1872] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100240e6e
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010029091c
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100290048
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002902ee
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002904b2
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002909fe
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100290ae0
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010029012a
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100290758
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100290676
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002903d0
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100290594
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010029083a
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010029020c
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 00000001002a04bc
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100290f52
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 00000001002a0210
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 00000001002a0048
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a66a9d1}
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100290ca6
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001002a03d8
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 00000001002a012c
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001002a02f4
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100290e6e
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757a1401 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757a1419 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757a1431 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757a144a 2 bytes [7A, 75]
    .text ... * 9
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757a14dd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757a14f5 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757a150d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757a1525 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757a153d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757a1555 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757a156d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757a1585 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757a159d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757a15b5 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757a15cd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757a16b2 2 bytes [7A, 75]
    .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757a16bd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010028091c
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100280048
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002802ee
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002804b2
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002809fe
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100280ae0
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010026004c
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010028012a
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100280758
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100280676
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002803d0
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100280594
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010028083a
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010028020c
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 0000000100290762
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100280f52
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100290210
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100290048
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a65a9d1}
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100280ca6
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001002903d8
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010029012c
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001002902f4
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe[2084] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100280e6e
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010029091c
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100290048
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002902ee
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002904b2
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002909fe
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100290ae0
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010029012a
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100290758
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100290676
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002903d0
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100290594
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010029083a
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010029020c
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 00000001002a04bc
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100290f52
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 00000001002a0210
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 00000001002a0048
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a66a9d1}
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100290ca6
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001002a03d8
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 00000001002a012c
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001002a02f4
    .text C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe[2140] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100290e6e
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010012091c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100120048
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001001202ee
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001001204b2
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001001209fe
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100120ae0
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010010004c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010012012a
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100120758
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100120676
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001001203d0
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100120594
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010012083a
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010012020c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010013059e
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100120f52
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100130210
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100130048
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a4fa9d1}
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100120ca6
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001001303d8
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010013012c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001001302f4
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2292] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100120e6e
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010017091c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100170048
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001001702ee
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001001704b2
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001001709fe
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100170ae0
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010015004c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010017012a
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100170758
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100170676
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001001703d0
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100170594
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010017083a
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010017020c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2368] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010018059e
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010030091c
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100300048
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001003002ee
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001003004b2
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001003009fe
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100300ae0
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010030012a
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100300758
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100300676
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001003003d0
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100300594
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010030083a
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010030020c
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 00000001003104bc
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100300f52
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100310210
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100310048
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a6da9d1}
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100300ca6
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001003103d8
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010031012c
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001003102f4
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100300e6e
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000757a1401 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000757a1419 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000757a1431 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000757a144a 2 bytes [7A, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000757a14dd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000757a14f5 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000757a150d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000757a1525 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000757a153d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000757a1555 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000757a156d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000757a1585 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000757a159d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000757a15b5 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000757a15cd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000757a16b2 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2416] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000757a16bd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 00000001000f091c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 00000001000f0048
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001000f02ee
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001000f04b2
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001000f09fe
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 00000001000f0ae0
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 00000001000d004c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 00000001000f012a
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 00000001000f0758
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 00000001000f0676
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001000f03d0
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 00000001000f0594
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 00000001000f083a
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 00000001000f020c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010010059e
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 00000001000f0f52
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100100210
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100100048
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a4ca9d1}
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 00000001000f0ca6
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001001003d8
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010010012c
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001001002f4
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2676] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 00000001000f0e6e
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 00000001002a091c
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 00000001002a0048
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002a02ee
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002a04b2
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002a09fe
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 00000001002a0ae0
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 00000001002a012a
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 00000001002a0758
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 00000001002a0676
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002a03d0
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 00000001002a0594
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 00000001002a083a
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 00000001002a020c
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 00000001002d091c
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 00000001002d0048
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002d02ee
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002d04b2
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002d09fe
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 00000001002d0ae0
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 00000001002d012a
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 00000001002d0758
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 00000001002d0676
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002d03d0
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 00000001002d0594
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 00000001002d083a
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 00000001002d020c
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 00000001002d0f52
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 00000001003e0210
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 00000001003e0048
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a7aa9d1}
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 00000001002d0ca6
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001003e03d8
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 00000001003e012c
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001003e02f4
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 00000001002d0e6e
    .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[3088] C:\Windows\syswow64\USER32.DLL!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 00000001003e059e
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010029091c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100290048
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002902ee
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002904b2
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002909fe
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100290ae0
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010029012a
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100290758
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100290676
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002903d0
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100290594
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010029083a
    .text C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010029020c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010031091c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100310048
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001003102ee
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001003104b2
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001003109fe
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100310ae0
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010031012a
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100310758
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100310676
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001003103d0
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100310594
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010031083a
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010031020c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100310f52
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100320210
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100320048
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a6ea9d1}
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100310ca6
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001003203d8
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010032012c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001003202f4
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100310e6e
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3228] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010032059e
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010021091c
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100210048
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002102ee
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002104b2
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002109fe
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100210ae0
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010021012a
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100210758
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100210676
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002103d0
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100210594
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010021083a
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010021020c
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010022059e
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100210f52
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100220210
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100220048
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a5ea9d1}
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100210ca6
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001002203d8
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010022012c
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001002202f4
    .text C:\Program Files (x86)\Winamp\winampa.exe[3280] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100210e6e
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 00000001003f091c
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 00000001003f0048
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001003f02ee
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001003f04b2
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001003f09fe
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 00000001003f0ae0
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 00000001003d004c
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 00000001003f012a
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 00000001003f0758
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 00000001003f0676
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001003f03d0
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 00000001003f0594
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 00000001003f083a
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 00000001003f020c
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010054059e
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 00000001003f0f52
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100540210
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100540048
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a90a9d1}
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 00000001003f0ca6
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001005403d8
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010054012c
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001005402f4
    .text C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe[4024] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 00000001003f0e6e
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010043091c
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100430048
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001004302ee
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001004304b2
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001004309fe
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100430ae0
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010043012a
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100430758
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100430676
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001004303d0
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100430594
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010043083a
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010043020c
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 00000001004404bc
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100430f52
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100440210
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100440048
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a80a9d1}
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100430ca6
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001004403d8
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010044012c
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001004402f4
    .text C:\Windows\SysWOW64\WinMsgBalloonServer.exe[3060] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100430e6e
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 000000010024091c
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100240048
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001002402ee
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001002404b2
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001002409fe
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100240ae0
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 000000010024012a
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100240758
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100240676
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001002403d0
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100240594
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 000000010024083a
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 000000010024020c
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 000000010025059e
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100240f52
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100250210
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100250048
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a61a9d1}
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100240ca6
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001002503d8
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010025012c
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001002502f4
    .text C:\Windows\SysWOW64\WinMsgBalloonClient.exe[4440] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100240e6e
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 0000000100a8091c
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100a80048
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 0000000100a802ee
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 0000000100a804b2
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 0000000100a809fe
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100a80ae0
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 00000001003a004c
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 0000000100a8012a
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100a80758
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100a80676
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 0000000100a803d0
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100a80594
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 0000000100a8083a
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 0000000100a8020c
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100a80f52
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100a90210
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100a90048
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8ae5a9d1}
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100a80ca6
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 0000000100a903d8
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 0000000100a9012c
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 0000000100a902f4
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100a80e6e
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 0000000100a90762
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757a1401 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757a1419 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757a1431 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757a144a 2 bytes [7A, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757a14dd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757a14f5 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757a150d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757a1525 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757a153d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757a1555 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757a156d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757a1585 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757a159d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757a15b5 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757a15cd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757a16b2 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757a16bd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 0000000100c8091c
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 0000000100c80048
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 0000000100c802ee
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 0000000100c804b2
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 0000000100c809fe
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 0000000100c80ae0
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 0000000100b2004c
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 0000000100c8012a
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 0000000100c80758
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 0000000100c80676
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 0000000100c803d0
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 0000000100c80594
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 0000000100c8083a
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 0000000100c8020c
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 0000000100c80f52
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100c90210
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100c90048
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8b05a9d1}
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 0000000100c80ca6
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 0000000100c903d8
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 0000000100c9012c
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 0000000100c902f4
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 0000000100c80e6e
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 0000000100c90762
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757a1401 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757a1419 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757a1431 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757a144a 2 bytes [7A, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757a14dd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757a14f5 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757a150d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757a1525 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757a153d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757a1555 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757a156d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757a1585 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757a159d 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757a15b5 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757a15cd 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757a16b2 2 bytes [7A, 75]
    .text C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757a16bd 2 bytes [7A, 75]
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007717fc90 5 bytes JMP 00000001004f091c
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fdf4 5 bytes JMP 00000001004f0048
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007717fe88 5 bytes JMP 00000001004f02ee
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007717ffe4 5 bytes JMP 00000001004f04b2
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077180018 5 bytes JMP 00000001004f09fe
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077180048 5 bytes JMP 00000001004f0ae0
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077180064 5 bytes JMP 000000010002004c
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007718077c 5 bytes JMP 00000001004f012a
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007718086c 5 bytes JMP 00000001004f0758
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077180884 5 bytes JMP 00000001004f0676
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077180dd4 5 bytes JMP 00000001004f03d0
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077181900 5 bytes JMP 00000001004f0594
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077181bc4 5 bytes JMP 00000001004f083a
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077181d50 5 bytes JMP 00000001004f020c
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075c3524f 7 bytes JMP 00000001004f0f52
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075c353d0 7 bytes JMP 0000000100500210
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075c35677 1 byte JMP 0000000100500048
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075c35679 5 bytes {JMP 0xffffffff8a8ca9d1}
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075c3589a 7 bytes JMP 00000001004f0ca6
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075c35a1d 7 bytes JMP 00000001005003d8
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075c35c9b 7 bytes JMP 000000010050012c
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075c35d87 7 bytes JMP 00000001005002f4
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075c37240 7 bytes JMP 00000001004f0e6e
    .text C:\Users\S&M Productions\Desktop\b2192o5s.exe[5556] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074e01492 7 bytes JMP 00000001005004bc

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2416:2424] 0000000000020060
    Thread C:\Windows\SysWOW64\WinMsgBalloonServer.exe [3060:2936] 0000000000020060
    Thread C:\Windows\SysWOW64\WinMsgBalloonClient.exe [4440:508] 0000000000020060

    ---- EOF - GMER 2.0 ----

    AdwCleaner Log:

    # AdwCleaner v2.109 - Logfile created 01/31/2013 at 16:41:35
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : S&M Productions - MAL-PCX1
    # Boot Mode : Normal
    # Running from : C:\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\APN

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?o=0&l=dir --> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.1 (en-US)

    File : C:\Users\S&M Productions\AppData\Roaming\Mozilla\Firefox\Profiles\pdh1ctua.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1163 octets] - [31/01/2013 16:40:32]
    AdwCleaner[R2].txt - [1223 octets] - [31/01/2013 16:41:25]
    AdwCleaner[S1].txt - [1201 octets] - [31/01/2013 16:41:35]

    ########## EOF - C:\AdwCleaner[S1].txt - [1261 octets] ##########

    And the TDSSKiller

    11:50:42.0582 7044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    11:50:43.0561 7044 ============================================================
    11:50:43.0561 7044 Current date / time: 2013/01/31 11:50:43.0561
    11:50:43.0561 7044 SystemInfo:
    11:50:43.0561 7044
    11:50:43.0561 7044 OS Version: 6.1.7601 ServicePack: 1.0
    11:50:43.0561 7044 Product type: Workstation
    11:50:43.0561 7044 ComputerName: MAL-PCX1
    11:50:43.0561 7044 UserName: S&M Productions
    11:50:43.0561 7044 Windows directory: C:\Windows
    11:50:43.0561 7044 System windows directory: C:\Windows
    11:50:43.0561 7044 Running under WOW64
    11:50:43.0561 7044 Processor architecture: Intel x64
    11:50:43.0561 7044 Number of processors: 2
    11:50:43.0561 7044 Page size: 0x1000
    11:50:43.0561 7044 Boot type: Normal boot
    11:50:43.0561 7044 ============================================================
    11:50:43.0729 7044 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:50:43.0760 7044 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:50:43.0762 7044 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:50:43.0766 7044 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    11:50:43.0768 7044 ============================================================
    11:50:43.0768 7044 \Device\Harddisk0\DR0:
    11:50:43.0768 7044 MBR partitions:
    11:50:43.0768 7044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    11:50:43.0768 7044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
    11:50:43.0768 7044 \Device\Harddisk1\DR1:
    11:50:43.0769 7044 MBR partitions:
    11:50:43.0769 7044 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
    11:50:43.0769 7044 \Device\Harddisk2\DR2:
    11:50:43.0769 7044 MBR partitions:
    11:50:43.0769 7044 \Device\Harddisk3\DR3:
    11:50:43.0769 7044 MBR partitions:
    11:50:43.0769 7044 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
    11:50:43.0769 7044 ============================================================
    11:50:43.0770 7044 C: <-> \Device\Harddisk0\DR0\Partition2
    11:50:49.0895 7044 M: <-> \Device\Harddisk1\DR1\Partition1
    11:50:49.0931 7044 R: <-> \Device\Harddisk3\DR3\Partition1
    11:50:49.0931 7044 ============================================================
    11:50:49.0931 7044 Initialize success
    11:50:49.0931 7044 ============================================================
    11:51:18.0235 3280 ============================================================
    11:51:18.0235 3280 Scan started
    11:51:18.0235 3280 Mode: Manual; SigCheck;
    11:51:18.0235 3280 ============================================================
    11:51:18.0323 3280 ================ Scan system memory ========================
    11:51:18.0323 3280 System memory - ok
    11:51:18.0324 3280 ================ Scan services =============================
    11:51:18.0358 3280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    11:51:18.0399 3280 1394ohci - ok
    11:51:18.0405 3280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    11:51:18.0416 3280 ACPI - ok
    11:51:18.0419 3280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    11:51:18.0437 3280 AcpiPmi - ok
    11:51:18.0450 3280 [ AD1EE24224F770E598794ECABA26E8F3 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    11:51:18.0469 3280 AcrSch2Svc - ok
    11:51:18.0473 3280 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    11:51:18.0481 3280 AdobeARMservice - ok
    11:51:18.0500 3280 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    11:51:18.0509 3280 AdobeFlashPlayerUpdateSvc - ok
    11:51:18.0516 3280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    11:51:18.0530 3280 adp94xx - ok
    11:51:18.0536 3280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    11:51:18.0547 3280 adpahci - ok
    11:51:18.0552 3280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    11:51:18.0561 3280 adpu320 - ok
    11:51:18.0565 3280 [ 96A0FF09E226B023DC6ACA253AACEE2E ] ADVService C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    11:51:18.0570 3280 ADVService ( UnsignedFile.Multi.Generic ) - warning
    11:51:18.0570 3280 ADVService - detected UnsignedFile.Multi.Generic (1)
    11:51:18.0574 3280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    11:51:18.0614 3280 AeLookupSvc - ok
    11:51:18.0620 3280 [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
    11:51:18.0632 3280 afcdp - ok
    11:51:18.0658 3280 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    11:51:18.0699 3280 afcdpsrv - ok
    11:51:18.0709 3280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    11:51:18.0722 3280 AFD - ok
    11:51:18.0726 3280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    11:51:18.0735 3280 agp440 - ok
    11:51:18.0738 3280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    11:51:18.0750 3280 ALG - ok
    11:51:18.0753 3280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    11:51:18.0760 3280 aliide - ok
    11:51:18.0765 3280 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    11:51:18.0779 3280 AMD External Events Utility - ok
    11:51:18.0783 3280 AMD FUEL Service - ok
    11:51:18.0785 3280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    11:51:18.0793 3280 amdide - ok
    11:51:18.0796 3280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    11:51:18.0805 3280 AmdK8 - ok
    11:51:18.0881 3280 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    11:51:18.0991 3280 amdkmdag - ok
    11:51:19.0002 3280 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    11:51:19.0016 3280 amdkmdap - ok
    11:51:19.0020 3280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    11:51:19.0030 3280 AmdPPM - ok
    11:51:19.0034 3280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    11:51:19.0043 3280 amdsata - ok
    11:51:19.0047 3280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    11:51:19.0057 3280 amdsbs - ok
    11:51:19.0060 3280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    11:51:19.0067 3280 amdxata - ok
    11:51:19.0072 3280 [ B9C95291F5EA1072CEC2BA690E07F29F ] AMD_RAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    11:51:19.0076 3280 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning
    11:51:19.0076 3280 AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1)
    11:51:19.0079 3280 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    11:51:19.0085 3280 AODDriver4.2 - ok
    11:51:19.0089 3280 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
    11:51:19.0095 3280 APC Data Service - ok
    11:51:19.0103 3280 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
    11:51:19.0116 3280 APC UPS Service - ok
    11:51:19.0120 3280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    11:51:19.0142 3280 AppID - ok
    11:51:19.0145 3280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    11:51:19.0167 3280 AppIDSvc - ok
    11:51:19.0171 3280 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    11:51:19.0193 3280 Appinfo - ok
    11:51:19.0197 3280 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    11:51:19.0205 3280 arc - ok
    11:51:19.0209 3280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    11:51:19.0217 3280 arcsas - ok
    11:51:19.0221 3280 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
    11:51:19.0227 3280 AsIO - ok
    11:51:19.0231 3280 [ 22842362DF890F5492F85AA60916A697 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
    11:51:19.0241 3280 asmthub3 - ok
    11:51:19.0248 3280 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
    11:51:19.0260 3280 asmtxhci - ok
    11:51:19.0263 3280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    11:51:19.0285 3280 AsyncMac - ok
    11:51:19.0288 3280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    11:51:19.0296 3280 atapi - ok
    11:51:19.0300 3280 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
    11:51:19.0310 3280 AtiHDAudioService - ok
    11:51:19.0313 3280 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    11:51:19.0319 3280 AtiPcie - ok
    11:51:19.0327 3280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    11:51:19.0353 3280 AudioEndpointBuilder - ok
    11:51:19.0361 3280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    11:51:19.0386 3280 AudioSrv - ok
    11:51:19.0390 3280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    11:51:19.0409 3280 AxInstSV - ok
    11:51:19.0416 3280 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    11:51:19.0428 3280 b06bdrv - ok
    11:51:19.0434 3280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:51:19.0445 3280 b57nd60a - ok
    11:51:19.0450 3280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    11:51:19.0460 3280 BDESVC - ok
    11:51:19.0463 3280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    11:51:19.0485 3280 Beep - ok
    11:51:19.0494 3280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    11:51:19.0521 3280 BFE - ok
    11:51:19.0536 3280 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
    11:51:19.0555 3280 BHDrvx64 - ok
    11:51:19.0566 3280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    11:51:19.0594 3280 BITS - ok
    11:51:19.0598 3280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    11:51:19.0607 3280 blbdrive - ok
    11:51:19.0611 3280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    11:51:19.0620 3280 bowser - ok
    11:51:19.0623 3280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    11:51:19.0633 3280 BrFiltLo - ok
    11:51:19.0636 3280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    11:51:19.0646 3280 BrFiltUp - ok
    11:51:19.0650 3280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    11:51:19.0659 3280 Browser - ok
    11:51:19.0664 3280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    11:51:19.0677 3280 Brserid - ok
    11:51:19.0680 3280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    11:51:19.0691 3280 BrSerWdm - ok
    11:51:19.0694 3280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:51:19.0704 3280 BrUsbMdm - ok
    11:51:19.0707 3280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    11:51:19.0715 3280 BrUsbSer - ok
    11:51:19.0719 3280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    11:51:19.0729 3280 BTHMODEM - ok
    11:51:19.0734 3280 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    11:51:19.0757 3280 bthserv - ok
    11:51:19.0763 3280 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys
    11:51:19.0770 3280 ccSet_N360 - ok
    11:51:19.0774 3280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    11:51:19.0796 3280 cdfs - ok
    11:51:19.0800 3280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    11:51:19.0810 3280 cdrom - ok
    11:51:19.0814 3280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    11:51:19.0836 3280 CertPropSvc - ok
    11:51:19.0839 3280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    11:51:19.0850 3280 circlass - ok
    11:51:19.0855 3280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    11:51:19.0867 3280 CLFS - ok
    11:51:19.0874 3280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:51:19.0882 3280 clr_optimization_v2.0.50727_32 - ok
    11:51:19.0887 3280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:51:19.0896 3280 clr_optimization_v2.0.50727_64 - ok
    11:51:19.0902 3280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:51:19.0912 3280 clr_optimization_v4.0.30319_32 - ok
    11:51:19.0919 3280 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:51:19.0926 3280 clr_optimization_v4.0.30319_64 - ok
    11:51:19.0930 3280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    11:51:19.0939 3280 CmBatt - ok
    11:51:19.0942 3280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    11:51:19.0950 3280 cmdide - ok
    11:51:19.0957 3280 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
    11:51:19.0973 3280 CNG - ok
    11:51:19.0976 3280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    11:51:19.0984 3280 Compbatt - ok
    11:51:19.0987 3280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    11:51:19.0998 3280 CompositeBus - ok
    11:51:20.0004 3280 COMSysApp - ok
    11:51:20.0009 3280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    11:51:20.0017 3280 crcdisk - ok
    11:51:20.0023 3280 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    11:51:20.0053 3280 CryptSvc - ok
    11:51:20.0082 3280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    11:51:20.0108 3280 DcomLaunch - ok
    11:51:20.0115 3280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    11:51:20.0139 3280 defragsvc - ok
    11:51:20.0143 3280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    11:51:20.0165 3280 DfsC - ok
    11:51:20.0171 3280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    11:51:20.0183 3280 Dhcp - ok
    11:51:20.0186 3280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    11:51:20.0208 3280 discache - ok
    11:51:20.0212 3280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    11:51:20.0219 3280 Disk - ok
    11:51:20.0224 3280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    11:51:20.0234 3280 Dnscache - ok
    11:51:20.0240 3280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    11:51:20.0263 3280 dot3svc - ok
    11:51:20.0267 3280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    11:51:20.0290 3280 DPS - ok
    11:51:20.0293 3280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    11:51:20.0306 3280 drmkaud - ok
    11:51:20.0317 3280 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    11:51:20.0332 3280 DXGKrnl - ok
    11:51:20.0336 3280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    11:51:20.0359 3280 EapHost - ok
    11:51:20.0384 3280 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    11:51:20.0421 3280 ebdrv - ok
    11:51:20.0429 3280 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    11:51:20.0441 3280 eeCtrl - ok
    11:51:20.0445 3280 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    11:51:20.0454 3280 EFS - ok
    11:51:20.0463 3280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    11:51:20.0480 3280 ehRecvr - ok
    11:51:20.0483 3280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    11:51:20.0493 3280 ehSched - ok
    11:51:20.0500 3280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    11:51:20.0513 3280 elxstor - ok
    11:51:20.0517 3280 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    11:51:20.0524 3280 EraserUtilRebootDrv - ok
    11:51:20.0527 3280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    11:51:20.0535 3280 ErrDev - ok
    11:51:20.0545 3280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    11:51:20.0569 3280 EventSystem - ok
    11:51:20.0575 3280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    11:51:20.0598 3280 exfat - ok
    11:51:20.0602 3280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    11:51:20.0626 3280 fastfat - ok
    11:51:20.0634 3280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    11:51:20.0649 3280 Fax - ok
    11:51:20.0653 3280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    11:51:20.0661 3280 fdc - ok
    11:51:20.0664 3280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    11:51:20.0686 3280 fdPHost - ok
    11:51:20.0689 3280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    11:51:20.0711 3280 FDResPub - ok
    11:51:20.0715 3280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    11:51:20.0722 3280 FileInfo - ok
    11:51:20.0725 3280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    11:51:20.0748 3280 Filetrace - ok
    11:51:20.0751 3280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    11:51:20.0760 3280 flpydisk - ok
    11:51:20.0765 3280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    11:51:20.0776 3280 FltMgr - ok
    11:51:20.0788 3280 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    11:51:20.0806 3280 FontCache - ok
    11:51:20.0810 3280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:51:20.0817 3280 FontCache3.0.0.0 - ok
    11:51:20.0821 3280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    11:51:20.0829 3280 FsDepends - ok
    11:51:20.0832 3280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    11:51:20.0840 3280 Fs_Rec - ok
    11:51:20.0845 3280 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    11:51:20.0856 3280 fvevol - ok
    11:51:20.0860 3280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    11:51:20.0868 3280 gagp30kx - ok
    11:51:20.0878 3280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    11:51:20.0905 3280 gpsvc - ok
    11:51:20.0909 3280 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    11:51:20.0918 3280 gusvc - ok
    11:51:20.0921 3280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    11:51:20.0931 3280 hcw85cir - ok
    11:51:20.0937 3280 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    11:51:20.0949 3280 HdAudAddService - ok
    11:51:20.0953 3280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    11:51:20.0964 3280 HDAudBus - ok
    11:51:20.0967 3280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    11:51:20.0977 3280 HidBatt - ok
    11:51:20.0980 3280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    11:51:20.0991 3280 HidBth - ok
    11:51:20.0994 3280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    11:51:21.0005 3280 HidIr - ok
    11:51:21.0008 3280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    11:51:21.0030 3280 hidserv - ok
    11:51:21.0034 3280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    11:51:21.0043 3280 HidUsb - ok
    11:51:21.0046 3280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    11:51:21.0069 3280 hkmsvc - ok
    11:51:21.0074 3280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    11:51:21.0084 3280 HomeGroupListener - ok
    11:51:21.0088 3280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    11:51:21.0098 3280 HomeGroupProvider - ok
    11:51:21.0102 3280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    11:51:21.0110 3280 HpSAMD - ok
    11:51:21.0119 3280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    11:51:21.0146 3280 HTTP - ok
    11:51:21.0150 3280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    11:51:21.0157 3280 hwpolicy - ok
    11:51:21.0160 3280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    11:51:21.0169 3280 i8042prt - ok
    11:51:21.0179 3280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    11:51:21.0191 3280 iaStorV - ok
    11:51:21.0200 3280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:51:21.0217 3280 idsvc - ok
    11:51:21.0224 3280 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130130.001\IDSvia64.sys
    11:51:21.0235 3280 IDSVia64 - ok
    11:51:21.0238 3280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    11:51:21.0247 3280 iirsp - ok
    11:51:21.0256 3280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    11:51:21.0284 3280 IKEEXT - ok
    11:51:21.0289 3280 IntcAzAudAddService - ok
    11:51:21.0292 3280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    11:51:21.0300 3280 intelide - ok
    11:51:21.0304 3280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    11:51:21.0313 3280 intelppm - ok
    11:51:21.0317 3280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    11:51:21.0340 3280 IPBusEnum - ok
    11:51:21.0344 3280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:51:21.0365 3280 IpFilterDriver - ok
    11:51:21.0373 3280 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    11:51:21.0387 3280 iphlpsvc - ok
    11:51:21.0391 3280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    11:51:21.0400 3280 IPMIDRV - ok
    11:51:21.0404 3280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    11:51:21.0426 3280 IPNAT - ok
    11:51:21.0430 3280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    11:51:21.0441 3280 IRENUM - ok
    11:51:21.0444 3280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    11:51:21.0452 3280 isapnp - ok
    11:51:21.0457 3280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    11:51:21.0467 3280 iScsiPrt - ok
    11:51:21.0470 3280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    11:51:21.0478 3280 kbdclass - ok
    11:51:21.0481 3280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    11:51:21.0490 3280 kbdhid - ok
    11:51:21.0493 3280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    11:51:21.0501 3280 KeyIso - ok
    11:51:21.0506 3280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    11:51:21.0514 3280 KSecDD - ok
    11:51:21.0519 3280 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    11:51:21.0528 3280 KSecPkg - ok
    11:51:21.0531 3280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    11:51:21.0553 3280 ksthunk - ok
    11:51:21.0558 3280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    11:51:21.0584 3280 KtmRm - ok
    11:51:21.0589 3280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    11:51:21.0612 3280 LanmanServer - ok
    11:51:21.0616 3280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    11:51:21.0638 3280 LanmanWorkstation - ok
    11:51:21.0646 3280 [ 95EC0CB52692894E050CFC3573ABC3B2 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    11:51:21.0657 3280 LBTServ - ok
    11:51:21.0663 3280 [ 4838EA42D5BBE1CA6BEE9BBA35E8D2E5 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
    11:51:21.0670 3280 LEqdUsb - ok
    11:51:21.0673 3280 [ 6F63F8A7FF6D4671973619BCF821B2F5 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
    11:51:21.0680 3280 LHidEqd - ok
    11:51:21.0683 3280 [ E536A1D8502D0CA79B928CAB9EAEB807 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    11:51:21.0690 3280 LHidFilt - ok
    11:51:21.0694 3280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    11:51:21.0716 3280 lltdio - ok
    11:51:21.0721 3280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    11:51:21.0745 3280 lltdsvc - ok
    11:51:21.0748 3280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    11:51:21.0770 3280 lmhosts - ok
    11:51:21.0774 3280 [ 2E6D0110DACC769AE478ADE6C2572E37 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    11:51:21.0781 3280 LMouFilt - ok
    11:51:21.0785 3280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    11:51:21.0794 3280 LSI_FC - ok
    11:51:21.0798 3280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    11:51:21.0809 3280 LSI_SAS - ok
    11:51:21.0813 3280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    11:51:21.0821 3280 LSI_SAS2 - ok
    11:51:21.0824 3280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    11:51:21.0833 3280 LSI_SCSI - ok
    11:51:21.0837 3280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    11:51:21.0859 3280 luafv - ok
    11:51:21.0863 3280 [ E63D9C01BF354657CF77A8DF3109BEE4 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
    11:51:21.0872 3280 LUsbFilt - ok
    11:51:21.0875 3280 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    11:51:21.0882 3280 MBAMProtector - ok
    11:51:21.0888 3280 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    11:51:21.0898 3280 MBAMScheduler - ok
    11:51:21.0906 3280 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    11:51:21.0919 3280 MBAMService - ok
    11:51:21.0922 3280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    11:51:21.0932 3280 Mcx2Svc - ok
    11:51:21.0938 3280 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    11:51:21.0944 3280 MDM ( UnsignedFile.Multi.Generic ) - warning
    11:51:21.0944 3280 MDM - detected UnsignedFile.Multi.Generic (1)
    11:51:21.0948 3280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    11:51:21.0956 3280 megasas - ok
    11:51:21.0961 3280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    11:51:21.0972 3280 MegaSR - ok
    11:51:21.0978 3280 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    11:51:21.0985 3280 Microsoft Office Groove Audit Service - ok
    11:51:21.0989 3280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    11:51:22.0011 3280 MMCSS - ok
    11:51:22.0014 3280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    11:51:22.0036 3280 Modem - ok
    11:51:22.0040 3280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    11:51:22.0049 3280 monitor - ok
    11:51:22.0053 3280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    11:51:22.0060 3280 mouclass - ok
    11:51:22.0063 3280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    11:51:22.0072 3280 mouhid - ok
    11:51:22.0076 3280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    11:51:22.0084 3280 mountmgr - ok
    11:51:22.0087 3280 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    11:51:22.0099 3280 MozillaMaintenance - ok
    11:51:22.0103 3280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    11:51:22.0113 3280 mpio - ok
    11:51:22.0117 3280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    11:51:22.0140 3280 mpsdrv - ok
    11:51:22.0150 3280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    11:51:22.0179 3280 MpsSvc - ok
    11:51:22.0183 3280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    11:51:22.0195 3280 MRxDAV - ok
    11:51:22.0200 3280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:51:22.0209 3280 mrxsmb - ok
    11:51:22.0215 3280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:51:22.0224 3280 mrxsmb10 - ok
    11:51:22.0228 3280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:51:22.0237 3280 mrxsmb20 - ok
    11:51:22.0240 3280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    11:51:22.0248 3280 msahci - ok
    11:51:22.0252 3280 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    11:51:22.0260 3280 MSCamSvc - ok
    11:51:22.0264 3280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    11:51:22.0273 3280 msdsm - ok
    11:51:22.0277 3280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    11:51:22.0288 3280 MSDTC - ok
    11:51:22.0293 3280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    11:51:22.0315 3280 Msfs - ok
    11:51:22.0318 3280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    11:51:22.0340 3280 mshidkmdf - ok
    11:51:22.0343 3280 [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
    11:51:22.0350 3280 MSHUSBVideo - ok
    11:51:22.0353 3280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    11:51:22.0360 3280 msisadrv - ok
    11:51:22.0364 3280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    11:51:22.0388 3280 MSiSCSI - ok
    11:51:22.0391 3280 msiserver - ok
    11:51:22.0394 3280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    11:51:22.0416 3280 MSKSSRV - ok
    11:51:22.0419 3280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    11:51:22.0441 3280 MSPCLOCK - ok
    11:51:22.0444 3280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    11:51:22.0466 3280 MSPQM - ok
    11:51:22.0471 3280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    11:51:22.0483 3280 MsRPC - ok
    11:51:22.0487 3280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    11:51:22.0495 3280 mssmbios - ok
    11:51:22.0498 3280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    11:51:22.0520 3280 MSTEE - ok
    11:51:22.0523 3280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    11:51:22.0531 3280 MTConfig - ok
    11:51:22.0534 3280 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    11:51:22.0541 3280 MTsensor - ok
    11:51:22.0544 3280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    11:51:22.0552 3280 Mup - ok
    11:51:22.0559 3280 [ 4BA84C832E0741A294C4444556DFE993 ] N360 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe
    11:51:22.0568 3280 N360 - ok
    11:51:22.0574 3280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    11:51:22.0599 3280 napagent - ok
    11:51:22.0605 3280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    11:51:22.0619 3280 NativeWifiP - ok
    11:51:22.0623 3280 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130130.033\ENG64.SYS
    11:51:22.0631 3280 NAVENG - ok
    11:51:22.0649 3280 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130130.033\EX64.SYS
    11:51:22.0673 3280 NAVEX15 - ok
    11:51:22.0685 3280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    11:51:22.0703 3280 NDIS - ok
    11:51:22.0707 3280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    11:51:22.0729 3280 NdisCap - ok
    11:51:22.0732 3280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    11:51:22.0754 3280 NdisTapi - ok
    11:51:22.0757 3280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    11:51:22.0778 3280 Ndisuio - ok
    11:51:22.0783 3280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    11:51:22.0805 3280 NdisWan - ok
    11:51:22.0809 3280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    11:51:22.0830 3280 NDProxy - ok
    11:51:22.0833 3280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    11:51:22.0855 3280 NetBIOS - ok
    11:51:22.0860 3280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    11:51:22.0883 3280 NetBT - ok
    11:51:22.0886 3280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    11:51:22.0894 3280 Netlogon - ok
    11:51:22.0900 3280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    11:51:22.0926 3280 Netman - ok
    11:51:22.0933 3280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    11:51:22.0958 3280 netprofm - ok
    11:51:22.0967 3280 [ 44D4BD55191624C82A2745296BA42814 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    11:51:22.0983 3280 netr28x - ok
    11:51:22.0986 3280 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    11:51:22.0994 3280 NetTcpPortSharing - ok
    11:51:22.0998 3280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    11:51:23.0006 3280 nfrd960 - ok
    11:51:23.0012 3280 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    11:51:23.0022 3280 NlaSvc - ok
    11:51:23.0028 3280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    11:51:23.0051 3280 Npfs - ok
    11:51:23.0055 3280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    11:51:23.0077 3280 nsi - ok
    11:51:23.0080 3280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    11:51:23.0102 3280 nsiproxy - ok
    11:51:23.0118 3280 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    11:51:23.0144 3280 Ntfs - ok
    11:51:23.0148 3280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    11:51:23.0169 3280 Null - ok
    11:51:23.0177 3280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    11:51:23.0186 3280 nvraid - ok
    11:51:23.0191 3280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    11:51:23.0200 3280 nvstor - ok
    11:51:23.0204 3280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    11:51:23.0213 3280 nv_agp - ok
    11:51:23.0220 3280 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:51:23.0232 3280 odserv - ok
    11:51:23.0235 3280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    11:51:23.0244 3280 ohci1394 - ok
    11:51:23.0249 3280 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:51:23.0257 3280 ose - ok
    11:51:23.0265 3280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    11:51:23.0277 3280 p2pimsvc - ok
    11:51:23.0284 3280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    11:51:23.0295 3280 p2psvc - ok
    11:51:23.0299 3280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    11:51:23.0308 3280 Parport - ok
    11:51:23.0312 3280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    11:51:23.0320 3280 partmgr - ok
    11:51:23.0324 3280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    11:51:23.0337 3280 PcaSvc - ok
    11:51:23.0341 3280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    11:51:23.0351 3280 pci - ok
    11:51:23.0354 3280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    11:51:23.0361 3280 pciide - ok
    11:51:23.0366 3280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    11:51:23.0376 3280 pcmcia - ok
    11:51:23.0379 3280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    11:51:23.0387 3280 pcw - ok
    11:51:23.0394 3280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    11:51:23.0422 3280 PEAUTH - ok
    11:51:23.0441 3280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    11:51:23.0451 3280 PerfHost - ok
    11:51:23.0467 3280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    11:51:23.0501 3280 pla - ok
    11:51:23.0509 3280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    11:51:23.0521 3280 PlugPlay - ok
    11:51:23.0524 3280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    11:51:23.0533 3280 PNRPAutoReg - ok
    11:51:23.0538 3280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    11:51:23.0548 3280 PNRPsvc - ok
    11:51:23.0555 3280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    11:51:23.0581 3280 PolicyAgent - ok
    11:51:23.0587 3280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    11:51:23.0610 3280 Power - ok
    11:51:23.0614 3280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    11:51:23.0636 3280 PptpMiniport - ok
    11:51:23.0640 3280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    11:51:23.0651 3280 Processor - ok
    11:51:23.0656 3280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    11:51:23.0667 3280 ProfSvc - ok
    11:51:23.0670 3280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    11:51:23.0678 3280 ProtectedStorage - ok
    11:51:23.0681 3280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    11:51:23.0703 3280 Psched - ok
    11:51:23.0717 3280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    11:51:23.0742 3280 ql2300 - ok
    11:51:23.0746 3280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    11:51:23.0755 3280 ql40xx - ok
    11:51:23.0760 3280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    11:51:23.0773 3280 QWAVE - ok
    11:51:23.0776 3280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    11:51:23.0788 3280 QWAVEdrv - ok
    11:51:23.0791 3280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    11:51:23.0813 3280 RasAcd - ok
    11:51:23.0816 3280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:51:23.0838 3280 RasAgileVpn - ok
    11:51:23.0841 3280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    11:51:23.0864 3280 RasAuto - ok
    11:51:23.0868 3280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:51:24.0630 3280 [ 18A4EB256E35A6DD233C4D005835879A ] SetupARService C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
    11:51:24.0633 3280 SetupARService ( UnsignedFile.Multi.Generic ) - warning
    11:51:24.0633 3280 SetupARService - detected UnsignedFile.Multi.Generic (1)
    11:51:27.0177 3280 ================ Scan global ===============================
    11:51:27.0179 3280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    11:51:27.0183 3280 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
    11:51:27.0189 3280 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
    11:51:27.0192 3280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    11:51:27.0197 3280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    11:51:27.0199 3280 [Global] - ok
    11:51:27.0200 3280 ================ Scan MBR ==================================
    11:51:27.0201 3280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    11:51:27.0265 3280 \Device\Harddisk0\DR0 - ok
    11:51:27.0290 3280 [ F46767AE2998EA7510CA3750ADFC1357 ] \Device\Harddisk1\DR1
    11:51:27.0443 3280 \Device\Harddisk1\DR1 - ok
    11:51:27.0465 3280 [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk2\DR2
    11:51:27.0467 3280 \Device\Harddisk2\DR2 - ok
    11:51:27.0470 3280 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
    11:51:27.0472 3280 \Device\Harddisk3\DR3 - ok
    11:51:27.0472 3280 ================ Scan VBR ==================================
    11:51:27.0474 3280 [ 59EFC286123616AC2B7E56D0E0266D48 ] \Device\Harddisk0\DR0\Partition1
    11:51:27.0475 3280 \Device\Harddisk0\DR0\Partition1 - ok
    11:51:27.0477 3280 [ 1D72EC859811FBC25332DF277E0C1E58 ] \Device\Harddisk0\DR0\Partition2
    11:51:27.0478 3280 \Device\Harddisk0\DR0\Partition2 - ok
    11:51:27.0480 3280 [ E0807A22874F7B39596BFCEB3118D58A ] \Device\Harddisk1\DR1\Partition1
    11:51:27.0481 3280 \Device\Harddisk1\DR1\Partition1 - ok
    11:51:27.0483 3280 [ 85E098C30CA81C35E55A2F3098EA39BD ] \Device\Harddisk3\DR3\Partition1
    11:51:27.0484 3280 \Device\Harddisk3\DR3\Partition1 - ok
    11:51:27.0485 3280 ============================================================
    11:51:27.0485 3280 Scan finished
    11:51:27.0485 3280 ============================================================
    11:51:27.0490 5388 Detected object count: 4
    11:51:27.0490 5388 Actual detected object count: 4
    11:52:57.0261 5388 ADVService ( UnsignedFile.Multi.Generic ) - skipped by user
    11:52:57.0261 5388 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:52:57.0262 5388 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
    11:52:57.0262 5388 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:52:57.0264 5388 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
    11:52:57.0264 5388 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:52:57.0266 5388 SetupARService ( UnsignedFile.Multi.Generic ) - skipped by user
    11:52:57.0266 5388 SetupARService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:53:27.0752 5152 ============================================================
    11:53:27.0752 5152 Scan started
    11:53:27.0752 5152 Mode: Manual; SigCheck;
    11:53:27.0752 5152 ============================================================
    11:53:27.0842 5152 ================ Scan system memory ========================
    11:53:27.0842 5152 System memory - ok
    11:53:27.0842 5152 ================ Scan services =============================
    11:53:28.0037 5152 [ 96A0FF09E226B023DC6ACA253AACEE2E ] ADVService C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    11:53:28.0041 5152 ADVService ( UnsignedFile.Multi.Generic ) - warning
    11:53:28.0041 5152 ADVService - detected UnsignedFile.Multi.Generic (1)
    11:53:28.0464 5152 [ B9C95291F5EA1072CEC2BA690E07F29F ] AMD_RAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    11:53:28.0467 5152 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning
    11:53:28.0467 5152 AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1)
    11:53:29.0212 5152 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:53:29.0219 5152 clr_optimization_v2.0.50727_32 - ok
    11:53:29.0224 5152 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:53:29.0231 5152 clr_optimization_v2.0.50727_64 - ok
    11:53:29.0237 5152 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:53:29.0245 5152 clr_optimization_v4.0.30319_32 - ok
    11:53:29.0251 5152 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:53:29.0258 5152 clr_optimization_v4.0.30319_64 - ok
    11:53:29.0261 5152 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    11:53:29.0269 5152 CmBatt - ok
    11:53:29.0272 5152 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    11:53:29.0279 5152 cmdide - ok
    11:53:29.0287 5152 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
    11:53:29.0301 5152 CNG - ok
    11:53:29.0305 5152 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    11:53:29.0312 5152 Compbatt - ok
    11:53:29.0315 5152 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    11:53:29.0324 5152 CompositeBus - ok
    11:53:29.0327 5152 COMSysApp - ok
    11:53:29.0331 5152 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    11:53:29.0338 5152 crcdisk - ok
    11:53:29.0344 5152 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    11:53:29.0352 5152 CryptSvc - ok
    11:53:29.0360 5152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    11:53:29.0384 5152 DcomLaunch - ok
    11:53:29.0389 5152 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    11:53:29.0412 5152 defragsvc - ok
    11:53:29.0416 5152 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    11:53:29.0436 5152 DfsC - ok
    11:53:29.0442 5152 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    11:53:29.0451 5152 Dhcp - ok
    11:53:29.0454 5152 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    11:53:29.0475 5152 discache - ok
    11:53:29.0479 5152 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    11:53:29.0486 5152 Disk - ok
    11:53:29.0491 5152 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    11:53:29.0499 5152 Dnscache - ok
    11:53:29.0504 5152 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    11:53:29.0525 5152 dot3svc - ok
    11:53:29.0530 5152 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    11:53:29.0551 5152 DPS - ok
    11:53:29.0554 5152 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    11:53:29.0563 5152 drmkaud - ok
    11:53:29.0574 5152 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    11:53:29.0590 5152 DXGKrnl - ok
    11:53:29.0594 5152 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    11:53:29.0615 5152 EapHost - ok
    11:53:29.0640 5152 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    11:53:29.0669 5152 ebdrv - ok
    11:53:29.0677 5152 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    11:53:29.0687 5152 eeCtrl - ok
    11:53:29.0690 5152 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    11:53:29.0698 5152 EFS - ok
    11:53:29.0707 5152 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    11:53:29.0719 5152 ehRecvr - ok
    11:53:29.0723 5152 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    11:53:29.0731 5152 ehSched - ok
    11:53:29.0738 5152 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    11:53:29.0750 5152 elxstor - ok
    11:53:29.0754 5152 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    11:53:29.0761 5152 EraserUtilRebootDrv - ok
    11:53:29.0764 5152 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    11:53:29.0771 5152 ErrDev - ok
    11:53:29.0780 5152 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    11:53:29.0803 5152 EventSystem - ok
    11:53:29.0808 5152 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    11:53:29.0830 5152 exfat - ok
    11:53:29.0835 5152 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    11:53:29.0856 5152 fastfat - ok
    11:53:29.0865 5152 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    11:53:29.0877 5152 Fax - ok
    11:53:29.0880 5152 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    11:53:29.0888 5152 fdc - ok
    11:53:29.0891 5152 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    11:53:29.0912 5152 fdPHost - ok
    11:53:29.0915 5152 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    11:53:29.0937 5152 FDResPub - ok
    11:53:29.0940 5152 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    11:53:29.0948 5152 FileInfo - ok
    11:53:29.0951 5152 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    11:53:29.0972 5152 Filetrace - ok
    11:53:29.0975 5152 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    11:53:29.0982 5152 flpydisk - ok
    11:53:29.0987 5152 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    11:53:29.0997 5152 FltMgr - ok
    11:53:30.0009 5152 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    11:53:30.0042 5152 FontCache - ok
    11:53:30.0046 5152 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:53:30.0053 5152 FontCache3.0.0.0 - ok
    11:53:30.0057 5152 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    11:53:30.0066 5152 FsDepends - ok
    11:53:30.0070 5152 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    11:53:30.0077 5152 Fs_Rec - ok
    11:53:30.0101 5152 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    11:53:30.0115 5152 fvevol - ok
    11:53:30.0120 5152 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    11:53:30.0128 5152 gagp30kx - ok
    11:53:30.0139 5152 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    11:53:30.0164 5152 gpsvc - ok
    11:53:30.0168 5152 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    11:53:30.0176 5152 gusvc - ok
    11:53:30.0179 5152 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    11:53:30.0186 5152 hcw85cir - ok
    11:53:30.0192 5152 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    11:53:30.0204 5152 HdAudAddService - ok
    11:53:30.0208 5152 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    11:53:30.0218 5152 HDAudBus - ok
    11:53:30.0221 5152 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    11:53:30.0228 5152 HidBatt - ok
    11:53:30.0232 5152 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    11:53:30.0242 5152 HidBth - ok
    11:53:30.0245 5152 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    11:53:30.0254 5152 HidIr - ok
    11:53:30.0257 5152 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    11:53:30.0279 5152 hidserv - ok
    11:53:30.0282 5152 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    11:53:30.0290 5152 HidUsb - ok
    11:53:30.0293 5152 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    11:53:30.0314 5152 hkmsvc - ok
    11:53:30.0319 5152 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    11:53:30.0327 5152 HomeGroupListener - ok
    11:53:30.0333 5152 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    11:53:30.0342 5152 HomeGroupProvider - ok
    11:53:30.0345 5152 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    11:53:30.0353 5152 HpSAMD - ok
    11:53:30.0361 5152 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    11:53:30.0386 5152 HTTP - ok
    11:53:30.0389 5152 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    11:53:30.0396 5152 hwpolicy - ok
    11:53:30.0400 5152 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    11:53:30.0408 5152 i8042prt - ok
    11:53:30.0415 5152 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    11:53:30.0425 5152 iaStorV - ok
    11:53:30.0435 5152 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:53:30.0448 5152 idsvc - ok
    11:53:30.0456 5152 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130130.001\IDSvia64.sys
    11:53:30.0468 5152 IDSVia64 - ok
    11:53:30.0472 5152 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    11:53:30.0479 5152 iirsp - ok
    11:53:30.0489 5152 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    11:53:30.0514 5152 IKEEXT - ok
    11:53:30.0519 5152 IntcAzAudAddService - ok
    11:53:30.0522 5152 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    11:53:30.0529 5152 intelide - ok
    11:53:30.0532 5152 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    11:53:30.0540 5152 intelppm - ok
    11:53:30.0544 5152 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    11:53:30.0565 5152 IPBusEnum - ok
    11:53:30.0569 5152 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:53:30.0589 5152 IpFilterDriver - ok
    11:53:30.0598 5152 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    11:53:30.0608 5152 iphlpsvc - ok
    11:53:30.0612 5152 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    11:53:30.0620 5152 IPMIDRV - ok
    11:53:30.0623 5152 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    11:53:30.0645 5152 IPNAT - ok
    11:53:30.0648 5152 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    11:53:30.0658 5152 IRENUM - ok
    11:53:30.0661 5152 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    11:53:30.0669 5152 isapnp - ok
    11:53:30.0674 5152 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    11:53:30.0683 5152 iScsiPrt - ok
    11:53:30.0686 5152 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    11:53:30.0694 5152 kbdclass - ok
    11:53:30.0697 5152 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    11:53:30.0704 5152 kbdhid - ok
    11:53:30.0707 5152 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    11:53:30.0715 5152 KeyIso - ok
    11:53:30.0718 5152 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    11:53:30.0726 5152 KSecDD - ok
    11:53:30.0731 5152 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    11:53:30.0739 5152 KSecPkg - ok
    11:53:30.0742 5152 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    11:53:30.0763 5152 ksthunk - ok
    11:53:30.0769 5152 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    11:53:30.0792 5152 KtmRm - ok
    11:53:30.0797 5152 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    11:53:30.0819 5152 LanmanServer - ok
    11:53:30.0823 5152 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    11:53:30.0844 5152 LanmanWorkstation - ok
    11:53:30.0852 5152 [ 95EC0CB52692894E050CFC3573ABC3B2 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    11:53:30.0861 5152 LBTServ - ok
    11:53:30.0866 5152 [ 4838EA42D5BBE1CA6BEE9BBA35E8D2E5 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
    11:53:30.0873 5152 LEqdUsb - ok
    11:53:30.0876 5152 [ 6F63F8A7FF6D4671973619BCF821B2F5 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
    11:53:30.0883 5152 LHidEqd - ok
    11:53:30.0887 5152 [ E536A1D8502D0CA79B928CAB9EAEB807 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    11:53:30.0894 5152 LHidFilt - ok
    11:53:30.0899 5152 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    11:53:30.0920 5152 lltdio - ok
    11:53:30.0925 5152 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    11:53:30.0948 5152 lltdsvc - ok
    11:53:30.0952 5152 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    11:53:30.0973 5152 lmhosts - ok
    11:53:30.0976 5152 [ 2E6D0110DACC769AE478ADE6C2572E37 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    11:53:30.0983 5152 LMouFilt - ok
    11:53:30.0988 5152 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    11:53:30.0996 5152 LSI_FC - ok
    11:53:31.0000 5152 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    11:53:31.0008 5152 LSI_SAS - ok
    11:53:31.0011 5152 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    11:53:31.0019 5152 LSI_SAS2 - ok
    11:53:31.0023 5152 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    11:53:31.0033 5152 LSI_SCSI - ok
    11:53:31.0036 5152 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    11:53:31.0058 5152 luafv - ok
    11:53:31.0061 5152 [ E63D9C01BF354657CF77A8DF3109BEE4 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
    11:53:31.0068 5152 LUsbFilt - ok
    11:53:31.0071 5152 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    11:53:31.0077 5152 MBAMProtector - ok
    11:53:31.0084 5152 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    11:53:31.0092 5152 MBAMScheduler - ok
    11:53:31.0101 5152 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    11:53:31.0112 5152 MBAMService - ok
    11:53:31.0115 5152 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    11:53:31.0124 5152 Mcx2Svc - ok
    11:53:31.0130 5152 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    11:53:31.0136 5152 MDM ( UnsignedFile.Multi.Generic ) - warning
    11:53:31.0136 5152 MDM - detected UnsignedFile.Multi.Generic (1)
    11:53:33.0249 5152 RemoteRegistry - ok
    11:53:33.0253 5152 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    11:53:33.0274 5152 RpcEptMapper - ok
    11:53:33.0277 5152 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    11:53:33.0285 5152 RpcLocator - ok
    11:53:33.0292 5152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    11:53:33.0316 5152 RpcSs - ok
    11:53:33.0320 5152 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    11:53:33.0341 5152 rspndr - ok
    11:53:33.0350 5152 [ 8181B5E7BFC040E0B26349C73E719335 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    11:53:33.0361 5152 RTL8167 - ok
    11:53:33.0365 5152 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    11:53:33.0373 5152 SamSs - ok
    11:53:33.0376 5152 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    11:53:33.0384 5152 sbp2port - ok
    11:53:33.0388 5152 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    11:53:33.0411 5152 SCardSvr - ok
    11:53:33.0414 5152 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    11:53:33.0434 5152 scfilter - ok
    11:53:33.0445 5152 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    11:53:33.0473 5152 Schedule - ok
    11:53:33.0476 5152 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    11:53:33.0496 5152 SCPolicySvc - ok
    11:53:33.0501 5152 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    11:53:33.0509 5152 SDRSVC - ok
    11:53:33.0512 5152 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    11:53:33.0533 5152 secdrv - ok
    11:53:33.0537 5152 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    11:53:33.0557 5152 seclogon - ok
    11:53:33.0561 5152 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    11:53:33.0583 5152 SENS - ok
    11:53:33.0586 5152 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    11:53:33.0593 5152 SensrSvc - ok
    11:53:33.0596 5152 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
    11:53:33.0604 5152 Serenum - ok
    11:53:33.0608 5152 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
    11:53:33.0615 5152 Serial - ok
    11:53:33.0618 5152 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    11:53:33.0626 5152 sermouse - ok
    11:53:33.0633 5152 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    11:53:33.0655 5152 SessionEnv - ok
    11:53:33.0658 5152 [ 18A4EB256E35A6DD233C4D005835879A ] SetupARService C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
    11:53:33.0661 5152 SetupARService ( UnsignedFile.Multi.Generic ) - warning
    11:53:33.0661 5152 SetupARService - detected UnsignedFile.Multi.Generic (1)
    11:53:36.0011 5152 ================ Scan global ===============================
    11:53:36.0015 5152 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    11:53:36.0018 5152 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
    11:53:36.0023 5152 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
    11:53:36.0027 5152 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    11:53:36.0033 5152 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    11:53:36.0035 5152 [Global] - ok
    11:53:36.0035 5152 ================ Scan MBR ==================================
    11:53:36.0037 5152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    11:53:36.0099 5152 \Device\Harddisk0\DR0 - ok
    11:53:36.0101 5152 [ F46767AE2998EA7510CA3750ADFC1357 ] \Device\Harddisk1\DR1
    11:53:36.0210 5152 \Device\Harddisk1\DR1 - ok
    11:53:36.0212 5152 [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk2\DR2
    11:53:36.0214 5152 \Device\Harddisk2\DR2 - ok
    11:53:36.0217 5152 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
    11:53:36.0219 5152 \Device\Harddisk3\DR3 - ok
    11:53:36.0219 5152 ================ Scan VBR ==================================
    11:53:36.0221 5152 [ 59EFC286123616AC2B7E56D0E0266D48 ] \Device\Harddisk0\DR0\Partition1
    11:53:36.0222 5152 \Device\Harddisk0\DR0\Partition1 - ok
    11:53:36.0224 5152 [ 1D72EC859811FBC25332DF277E0C1E58 ] \Device\Harddisk0\DR0\Partition2
    11:53:36.0225 5152 \Device\Harddisk0\DR0\Partition2 - ok
    11:53:36.0227 5152 [ E0807A22874F7B39596BFCEB3118D58A ] \Device\Harddisk1\DR1\Partition1
    11:53:36.0228 5152 \Device\Harddisk1\DR1\Partition1 - ok
    11:53:36.0230 5152 [ 85E098C30CA81C35E55A2F3098EA39BD ] \Device\Harddisk3\DR3\Partition1
    11:53:36.0231 5152 \Device\Harddisk3\DR3\Partition1 - ok
    11:53:36.0232 5152 ============================================================
    11:53:36.0232 5152 Scan finished
    11:53:36.0232 5152 ============================================================
    11:53:36.0237 5632 Detected object count: 4
    11:53:36.0237 5632 Actual detected object count: 4
    11:53:58.0693 5632 C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe - copied to quarantine
    11:53:58.0693 5632 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    11:53:58.0693 5632 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
    11:53:58.0693 5632 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:53:58.0702 5632 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe - copied to quarantine
    11:53:58.0702 5632 MDM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    11:53:58.0705 5632 C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe - copied to quarantine
    11:53:58.0706 5632 SetupARService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:01:25.0520 5108 Deinitialize success
     
  3. colorsflashn

    colorsflashn Thread Starter

    Joined:
    Jan 20, 2013
    Messages:
    1,085
    Still could not get to the site following the link to DDS.scr. We were able to download it to my laptop and saved it to a flash drive (newly formatted). However, it will still not produce the necessary 2 .txt files...Could not connect to that site nor follow the link in this forum to Bleeping Computers Site...the address in the address bar shows as:
    WW2.BleepingComputers.com. It is not the same page that I visited on my laptop and was able to retrieve. Each time we try to type in the address bar it appears we are being re-directed?

    Just an update on info - don't want to appear pushy. Thanks in advance!
     
  4. colorsflashn

    colorsflashn Thread Starter

    Joined:
    Jan 20, 2013
    Messages:
    1,085
    We are following the steps of a very recent post seemingly similar (with the exception of the DDS still :eek:) and have produced the 2 following logs:

    Thank you. (y)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-02-2013 03
    Ran by SYSTEM at 31-01-2013 21:40:23
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.)
    HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [394832 2011-09-22] (Acronis)
    HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b [5403776 2012-03-15] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
    HKLM-x32\...\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536760 2011-09-22] (Acronis)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5550984 2011-09-22] (Acronis)
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2012-06-28] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
    HKU\S&M Productions\...\Run: [RockMelt Update] "C:\Users\S&M Productions\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c [136336 2013-01-19] (RockMelt Inc.)
    HKU\S&M Productions\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
    ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
    Startup: C:\Users\S&M Productions\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

    ==================== Services (Whitelisted) ===================

    2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1113784 2011-09-22] (Acronis)
    2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
    2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-01-19] (Acronis)
    2 APC Data Service; "C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe" [21880 2012-01-24] (Schneider Electric)
    2 APC UPS Service; "C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe" [705912 2012-01-24] (Schneider Electric)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 N360; "C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.1.22\diMaster.dll" /prefetch:1 [535416 2012-12-05] (Symantec Corporation)
    2 SetupARService; "C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe" [24576 2013-01-19] (Realtek Semiconductor.)

    ==================== Drivers (Whitelisted) =====================

    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] ()
    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
    1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
    3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-18] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-18] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130130.001\IDSvia64.sys [513184 2013-01-18] (Symantec Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130131.007\ENG64.SYS [126192 2013-01-18] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130131.007\EX64.SYS [2087664 2013-01-18] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\N360x64\1402010.016\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\N360x64\1402010.016\SRTSPX64.SYS [37496 2012-09-06] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\N360x64\1402010.016\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\N360x64\1402010.016\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-01-19] (Symantec Corporation)
    1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2012-09-06] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
    3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-01-31 21:39 - 2013-01-31 21:39 - 00000000 ____D C:\FRST
    2013-01-31 14:41 - 2013-01-31 14:41 - 00001330 ____A C:\AdwCleaner[S1].txt
    2013-01-31 14:41 - 2013-01-31 14:41 - 00001223 ____A C:\AdwCleaner[R2].txt
    2013-01-31 14:40 - 2013-01-31 14:40 - 00001163 ____A C:\AdwCleaner[R1].txt
    2013-01-31 14:26 - 2013-01-31 14:26 - 00000000 ____D C:\Program Files (x86)\CPUID
    2013-01-31 14:26 - 2012-02-14 10:49 - 00114176 ____A (CPUID) C:\Windows\SysWOW64\PCWizard.cpl
    2013-01-31 10:56 - 2013-01-31 10:56 - 00000000 ____D C:\Users\All Users\Yahoo!
    2013-01-31 09:53 - 2013-01-31 09:53 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-01-30 10:25 - 2013-01-30 10:25 - 00000000 ____D C:\Users\S&M Productions\dwhelper
    2013-01-29 04:53 - 2013-01-29 04:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2013-01-27 11:42 - 2013-01-27 11:42 - 00000000 ____D C:\Program Files (x86)\ConvertHelper
    2013-01-27 11:39 - 2013-01-27 11:39 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Macromedia
    2013-01-21 09:02 - 2013-01-21 09:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
    2013-01-21 09:00 - 2013-01-21 09:00 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2013-01-21 09:00 - 2013-01-21 09:00 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2013-01-21 08:59 - 2013-01-27 17:22 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Adobe
    2013-01-21 07:09 - 2013-01-21 07:09 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Mozilla
    2013-01-21 07:09 - 2013-01-21 07:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-01-20 19:30 - 2013-01-20 19:30 - 625483677 ____N C:\Windows\MEMORY.DMP
    2013-01-20 19:30 - 2013-01-20 19:30 - 00275736 ____A C:\Windows\Minidump\012013-24960-01.dmp
    2013-01-20 19:30 - 2013-01-20 19:30 - 00000000 ____D C:\Windows\Minidump
    2013-01-20 16:29 - 2012-09-06 18:05 - 00043680 ___RA (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys
    2013-01-20 14:39 - 2013-01-20 14:39 - 00308640 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-01-20 14:39 - 2013-01-20 14:39 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-01-20 14:39 - 2013-01-20 14:39 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-01-20 14:39 - 2013-01-20 14:39 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-01-20 14:39 - 2013-01-20 14:39 - 00000000 ____D C:\Windows\Sun
    2013-01-20 14:39 - 2013-01-20 14:39 - 00000000 ____D C:\Program Files\Java
    2013-01-20 14:34 - 2013-01-31 14:28 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\CrashDumps
    2013-01-20 14:34 - 2013-01-28 16:28 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Google
    2013-01-20 14:33 - 2013-01-28 16:28 - 00000000 ____D C:\Program Files (x86)\Google
    2013-01-20 14:33 - 2013-01-21 09:00 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-01-20 14:32 - 2013-01-27 17:23 - 00000000 ____D C:\Users\All Users\Adobe
    2013-01-20 12:56 - 2013-01-20 13:24 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy
    2013-01-20 12:56 - 2013-01-20 12:57 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\AccurateRip
    2013-01-20 12:56 - 2013-01-20 12:56 - 00001074 ____A C:\Users\Public\Desktop\Exact Audio Copy.lnk
    2013-01-20 12:56 - 2013-01-20 12:56 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\EAC
    2013-01-20 12:41 - 2013-01-20 12:42 - 00000000 ____D C:\Users\S&M Productions\.gimp-2.8
    2013-01-20 12:41 - 2013-01-20 12:41 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\gegl-0.2
    2013-01-20 12:40 - 2013-01-20 12:45 - 00000000 ____D C:\Program Files (x86)\EasyTAG
    2013-01-20 11:29 - 2013-01-21 20:26 - 00000000 ____D C:\Users\S&M Productions\Documents\My Kindle Content
    2013-01-20 11:29 - 2013-01-20 11:29 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Amazon
    2013-01-20 11:22 - 2013-01-20 11:22 - 00000000 ____D C:\Users\All Users\Amazon
    2013-01-20 11:22 - 2013-01-20 11:22 - 00000000 ____D C:\Program Files (x86)\Amazon
    2013-01-20 11:09 - 2013-01-20 11:10 - 00000000 ____D C:\Program Files (x86)\DVD Decrypter
    2013-01-20 11:09 - 2013-01-20 11:09 - 00001976 ____A C:\Users\S&M Productions\Desktop\DVD Decrypter.lnk
    2013-01-20 11:07 - 2013-01-20 11:07 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
    2013-01-20 11:01 - 2013-01-20 11:01 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2013-01-20 10:55 - 2013-01-20 10:55 - 00001101 ____A C:\Users\S&M Productions\Desktop\Music Files.lnk
    2013-01-20 10:27 - 2013-01-20 10:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-01-20 10:27 - 2013-01-20 10:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-01-20 10:27 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2013-01-20 10:27 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2013-01-20 10:27 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
    2013-01-20 10:27 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2013-01-20 10:27 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2013-01-20 10:27 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2013-01-20 10:27 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2013-01-20 10:27 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2013-01-20 10:27 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2013-01-20 10:27 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2013-01-20 10:27 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-01-20 10:27 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2013-01-20 10:27 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2013-01-20 10:27 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-01-20 10:27 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2013-01-20 10:27 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-01-20 10:27 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2013-01-20 10:27 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2013-01-20 10:27 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-01-20 10:27 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2013-01-20 10:27 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2013-01-20 10:27 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2013-01-20 10:27 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2013-01-20 10:27 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-01-20 10:27 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-01-20 10:26 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2013-01-20 10:26 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2013-01-20 10:26 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-01-20 10:26 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2013-01-20 10:26 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-01-20 10:26 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2013-01-20 10:26 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-01-20 10:26 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2013-01-20 10:26 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2013-01-20 10:26 - 2011-02-19 04:05 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2013-01-20 10:26 - 2011-02-19 04:04 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2013-01-20 10:26 - 2011-02-18 22:30 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2013-01-20 10:25 - 2013-01-31 19:25 - 00010669 ____A C:\Windows\setupact.log
    2013-01-20 10:25 - 2013-01-20 10:25 - 00000000 ____A C:\Windows\setuperr.log
    2013-01-20 10:18 - 2013-01-20 10:18 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2013-01-20 10:07 - 2013-01-20 10:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2013-01-20 10:07 - 2013-01-20 10:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2013-01-20 09:51 - 2013-01-20 10:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2013-01-20 09:51 - 2013-01-20 09:51 - 00000000 ____D C:\Windows\PCHEALTH
    2013-01-20 09:51 - 2013-01-20 09:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
    2013-01-20 09:50 - 2013-01-21 04:31 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2013-01-20 09:50 - 2013-01-21 04:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2013-01-20 09:50 - 2013-01-20 09:50 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Microsoft Help
    2013-01-20 09:50 - 2013-01-20 09:50 - 00000000 ____D C:\Program Files\Microsoft Office
    2013-01-20 09:50 - 2013-01-20 09:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2013-01-20 09:49 - 2013-01-20 09:49 - 00000000 __RHD C:\MSOCache
    2013-01-20 09:40 - 2013-01-20 09:43 - 00002560 __ASH C:\Users\S&M Productions\Documents\Thumbs.db
    2013-01-20 09:34 - 2013-01-20 09:34 - 00000000 ____D C:\Program Files (x86)\MozBackup
    2013-01-20 09:34 - 2013-01-16 11:57 - 00000392 ____A C:\Users\S&M Productions\Documents\indexfile.txt
    2013-01-20 09:33 - 2013-01-20 09:33 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\ImgBurn
    2013-01-20 09:33 - 2013-01-20 09:33 - 00000000 ____D C:\Program Files (x86)\ImgBurn
    2013-01-20 09:23 - 2013-01-20 09:23 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
    2013-01-20 09:10 - 2013-01-30 10:26 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\vlc
    2013-01-20 09:10 - 2013-01-20 09:10 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2013-01-20 08:42 - 2013-01-20 08:51 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Winamp
    2013-01-20 08:42 - 2013-01-20 08:51 - 00000000 ____D C:\Program Files (x86)\Winamp
    2013-01-20 08:42 - 2013-01-20 08:42 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
    2013-01-20 08:42 - 2006-09-28 14:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2013-01-20 08:19 - 2013-01-20 08:19 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Yahoo!
    2013-01-20 08:17 - 2013-01-31 10:56 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2013-01-20 08:11 - 2013-01-22 05:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-01-20 08:11 - 2013-01-21 07:09 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Mozilla
    2013-01-20 08:11 - 2013-01-20 08:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2013-01-20 08:11 - 2013-01-20 08:11 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Thunderbird
    2013-01-20 08:11 - 2013-01-20 08:11 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Thunderbird
    2013-01-20 08:11 - 2013-01-20 08:11 - 00000000 ____D C:\Users\All Users\Mozilla
    2013-01-20 08:07 - 2013-01-20 14:31 - 00000000 ___DC C:\Users\S&M Productions\AppData\Local\MigWiz
    2013-01-20 07:53 - 2013-01-20 08:43 - 00000000 ____D C:\Users\S&M Productions\Documents\091030 CyberLink_files
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\Draft Results - Free Fantasy Football 2012 Fantasy Football - NFL.com_files
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\CyberLink CyberStore_files
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\CyberLink
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\BSN Files
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\Amazon MP3 Uploader
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\Amazon MP3
    2013-01-19 22:43 - 2013-01-19 22:43 - 00000000 _RSHD C:\acroldr
    2013-01-19 22:24 - 2013-01-19 22:41 - 00001269 ____A C:\Users\Public\Desktop\Acronis True Image.lnk
    2013-01-19 22:24 - 2013-01-19 22:38 - 00000000 ____D C:\Program Files (x86)\Acronis
    2013-01-19 22:24 - 2013-01-19 22:24 - 01263200 ____A (Acronis) C:\Windows\System32\Drivers\tdrpm273.sys
    2013-01-19 22:24 - 2013-01-19 22:24 - 00970336 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
    2013-01-19 22:24 - 2013-01-19 22:24 - 00285280 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
    2013-01-19 22:24 - 2013-01-19 22:24 - 00277088 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
    2013-01-19 22:20 - 2013-01-20 00:45 - 00000000 ____D C:\Users\All Users\Acronis
    2013-01-19 22:20 - 2013-01-19 22:41 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Acronis
    2013-01-19 21:28 - 2013-01-19 21:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-19 21:28 - 2013-01-19 21:28 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Malwarebytes
    2013-01-19 21:28 - 2013-01-19 21:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-19 21:28 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-01-19 21:19 - 2013-01-19 21:19 - 00859552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-01-19 21:19 - 2013-01-19 21:19 - 00780192 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-01-19 21:19 - 2013-01-19 21:19 - 00261024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-01-19 21:19 - 2013-01-19 21:19 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-01-19 21:19 - 2013-01-19 21:19 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-01-19 21:19 - 2013-01-19 21:19 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-01-19 21:19 - 2013-01-19 21:19 - 00000000 ____D C:\Users\All Users\Sun
    2013-01-19 21:19 - 2013-01-19 21:19 - 00000000 ____D C:\Users\All Users\McAfee
    2013-01-19 21:19 - 2013-01-19 21:19 - 00000000 ____D C:\Program Files (x86)\Java
    2013-01-19 21:09 - 2013-01-19 21:09 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Leadertech
    2013-01-19 21:09 - 2013-01-19 21:09 - 00000000 ____D C:\Users\Public\Documents\Logishrd
    2013-01-19 21:08 - 2013-01-19 21:09 - 00000000 ____D C:\Users\All Users\Logitech
    2013-01-19 21:08 - 2013-01-19 21:08 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2013-01-19 21:08 - 2013-01-19 21:08 - 00009585 ____A C:\Windows\LDPINST.LOG
    2013-01-19 21:08 - 2013-01-19 21:08 - 00001276 ____A C:\Windows\LkmdfCoInst.log
    2013-01-19 21:07 - 2013-01-19 21:09 - 00000000 ____D C:\Users\All Users\Logishrd
    2013-01-19 21:07 - 2013-01-19 21:08 - 00000000 ____D C:\Program Files\Common Files\Logishrd
    2013-01-19 21:07 - 2013-01-19 21:07 - 00000000 ____D C:\Program Files\Logitech
    2013-01-19 21:06 - 2013-01-19 21:09 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Logitech
    2013-01-19 21:06 - 2013-01-19 21:06 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Logishrd
    2013-01-19 20:54 - 2013-01-20 14:39 - 01081760 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2013-01-19 20:54 - 2013-01-20 14:39 - 00960416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2013-01-19 20:46 - 2013-01-31 18:51 - 00000968 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1019132598-1382531263-2789852734-1001UA.job
    2013-01-19 20:46 - 2013-01-26 20:51 - 00000916 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1019132598-1382531263-2789852734-1001Core.job
    2013-01-19 20:46 - 2013-01-19 20:46 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\RockMelt
    2013-01-19 20:44 - 2013-01-31 18:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-19 20:44 - 2013-01-27 17:22 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Adobe
    2013-01-19 20:44 - 2013-01-27 11:39 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-19 20:44 - 2013-01-27 11:39 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-19 20:44 - 2013-01-19 20:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2013-01-19 20:44 - 2013-01-19 20:44 - 00000000 ____D C:\Windows\System32\Macromed
    2013-01-19 20:44 - 2013-01-19 20:44 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Macromedia
    2013-01-19 20:17 - 2013-01-19 20:17 - 00000000 ____D C:\Program Files (x86)\OI App Manager
    2013-01-19 19:50 - 2013-01-19 19:50 - 00000000 ____D C:\Program Files (x86)\APC
    2013-01-19 19:49 - 2013-01-19 19:49 - 13923704 ____A (Schneider Electric) C:\Users\S&M Productions\PCPE Setup.exe
    2013-01-19 19:49 - 2013-01-19 19:49 - 13338112 ____A C:\Users\S&M Productions\PCPE_3.0.1.msi
    2013-01-19 19:49 - 2013-01-19 19:49 - 01079808 ____A (Microsoft Corporation) C:\Users\S&M Productions\mfc80u.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00626688 ____A (Microsoft Corporation) C:\Users\S&M Productions\msvcr80.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021880 ____A (Schneider Electric) C:\Users\S&M Productions\grm_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021880 ____A (Schneider Electric) C:\Users\S&M Productions\fr_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021368 ____A (Schneider Electric) C:\Users\S&M Productions\pt_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021368 ____A (Schneider Electric) C:\Users\S&M Productions\it_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021368 ____A (Schneider Electric) C:\Users\S&M Productions\es_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021368 ____A (Schneider Electric) C:\Users\S&M Productions\en_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00020856 ____A (Schneider Electric) C:\Users\S&M Productions\ru_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00020344 ____A (Schneider Electric) C:\Users\S&M Productions\jp_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00019832 ____A (Schneider Electric) C:\Users\S&M Productions\zh_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00018808 ____A C:\Users\S&M Productions\ResourceReader.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00000550 ____A C:\Users\S&M Productions\Microsoft.VC80.MFC.manifest
    2013-01-19 19:49 - 2013-01-19 19:49 - 00000522 ____A C:\Users\S&M Productions\Microsoft.VC80.CRT.manifest
    2013-01-19 19:49 - 2013-01-19 19:49 - 00000012 ____A C:\Users\S&M Productions\dotnetfolder.txt
    2013-01-19 19:14 - 2013-01-19 19:14 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
    2013-01-19 19:06 - 2013-01-19 19:06 - 00000000 ____D C:\Users\S&M Productions\Documents\Symantec
    2013-01-19 19:05 - 2013-01-23 04:12 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2013-01-19 19:05 - 2013-01-19 19:05 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2013-01-19 19:05 - 2013-01-19 19:05 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2013-01-19 19:05 - 2013-01-19 19:05 - 00000000 ____D C:\Program Files\Symantec
    2013-01-19 19:05 - 2013-01-19 19:05 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-01-19 19:05 - 2013-01-19 19:05 - 00000000 ____D C:\Program Files (x86)\Norton 360 Premier Edition
    2013-01-19 19:00 - 2013-01-19 19:06 - 00000000 ____D C:\Users\All Users\Norton
    2013-01-19 19:00 - 2013-01-19 19:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2013-01-19 18:35 - 2012-02-03 05:01 - 00677480 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
    2013-01-19 18:35 - 2012-02-03 05:01 - 00107552 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
    2013-01-19 18:35 - 2012-02-03 05:01 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
    2013-01-19 18:33 - 2013-01-19 18:33 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\ATI
    2013-01-19 18:33 - 2013-01-19 18:33 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\ATI
    2013-01-19 18:33 - 2013-01-19 18:33 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\AMD
    2013-01-19 18:33 - 2013-01-19 18:33 - 00000000 ____D C:\Users\All Users\ATI
    2013-01-19 18:29 - 2013-01-20 12:45 - 00108816 ____A C:\Users\S&M Productions\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-01-19 18:27 - 2011-03-24 19:29 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
    2013-01-19 18:27 - 2011-03-24 19:29 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
    2013-01-19 18:27 - 2011-03-24 19:29 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
    2013-01-19 18:27 - 2011-03-24 19:29 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
    2013-01-19 18:27 - 2011-03-24 19:29 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
    2013-01-19 18:27 - 2011-03-24 19:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
    2013-01-19 18:27 - 2011-03-24 19:28 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
    2013-01-19 18:27 - 2011-03-10 22:41 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
    2013-01-19 18:27 - 2011-03-10 22:41 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
    2013-01-19 18:27 - 2011-03-10 22:41 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
    2013-01-19 18:27 - 2011-03-10 22:41 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
    2013-01-19 18:27 - 2011-03-10 22:41 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
    2013-01-19 18:27 - 2011-03-10 22:41 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
    2013-01-19 18:27 - 2011-03-10 22:33 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2013-01-19 18:27 - 2011-03-10 22:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
    2013-01-19 18:27 - 2011-03-10 21:33 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2013-01-19 18:27 - 2011-03-10 21:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
    2013-01-19 18:27 - 2011-03-10 20:37 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
    2013-01-19 18:22 - 2013-01-19 18:22 - 00000000 ____A C:\Windows\ativpsrm.bin
    2013-01-19 18:16 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2013-01-19 18:16 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2013-01-19 18:16 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2013-01-19 18:16 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2013-01-19 18:15 - 2012-12-16 15:31 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-01-19 18:12 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2013-01-19 18:12 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2013-01-19 18:12 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2013-01-19 18:12 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2013-01-19 18:12 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2013-01-19 18:12 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2013-01-19 18:12 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2013-01-19 18:12 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2013-01-19 18:12 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2013-01-19 18:12 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2013-01-19 18:12 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2013-01-19 18:12 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2013-01-19 18:12 - 2010-09-30 02:41 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2013-01-19 18:12 - 2010-09-29 22:47 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2013-01-19 18:11 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2013-01-19 18:11 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2013-01-19 18:11 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2013-01-19 18:11 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2013-01-19 18:11 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2013-01-19 18:10 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
    2013-01-19 18:10 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
    2013-01-19 18:10 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2013-01-19 18:10 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2013-01-19 18:10 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
    2013-01-19 18:10 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
    2013-01-19 18:10 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
    2013-01-19 18:10 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
    2013-01-19 18:10 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
    2013-01-19 18:10 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
    2013-01-19 18:10 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
    2013-01-19 18:10 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
    2013-01-19 18:10 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
    2013-01-19 18:10 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
    2013-01-19 18:10 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
    2013-01-19 18:10 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
    2013-01-19 18:10 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
    2013-01-19 18:10 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2013-01-19 18:10 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2013-01-19 18:10 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-01-19 18:10 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-01-19 18:10 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2013-01-19 18:10 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2013-01-19 18:10 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-01-19 18:10 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2013-01-19 18:10 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2013-01-19 18:10 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2013-01-19 18:10 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2013-01-19 18:10 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2013-01-19 18:10 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2013-01-19 18:10 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2013-01-19 18:10 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2013-01-19 18:10 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2013-01-19 18:10 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2013-01-19 18:10 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-01-19 18:10 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-01-19 18:10 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-01-19 18:10 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2013-01-19 18:10 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-01-19 18:10 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2013-01-19 18:10 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-01-19 18:10 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-01-19 18:10 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2013-01-19 18:10 - 2012-01-04 02:44 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
    2013-01-19 18:10 - 2012-01-04 00:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2013-01-19 18:10 - 2011-07-08 18:46 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2013-01-19 18:10 - 2011-06-15 21:49 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
    2013-01-19 18:10 - 2011-06-15 20:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
    2013-01-19 18:10 - 2011-05-03 21:25 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2013-01-19 18:10 - 2011-05-03 21:22 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2013-01-19 18:10 - 2011-05-03 21:22 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2013-01-19 18:10 - 2011-05-03 21:22 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2013-01-19 18:10 - 2011-05-03 21:22 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
    2013-01-19 18:10 - 2011-05-03 21:22 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2013-01-19 18:10 - 2011-05-03 21:19 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2013-01-19 18:10 - 2011-05-03 21:19 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2013-01-19 18:10 - 2011-05-03 21:19 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2013-01-19 18:10 - 2011-05-03 20:34 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2013-01-19 18:10 - 2011-05-03 20:32 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2013-01-19 18:10 - 2011-05-03 20:32 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2013-01-19 18:10 - 2011-05-03 20:32 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2013-01-19 18:10 - 2011-05-03 20:32 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2013-01-19 18:10 - 2011-05-03 20:32 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2013-01-19 18:10 - 2011-05-03 20:28 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2013-01-19 18:10 - 2011-05-03 20:28 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2013-01-19 18:10 - 2011-05-03 20:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2013-01-19 18:10 - 2011-04-26 18:40 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2013-01-19 18:10 - 2011-04-26 18:39 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2013-01-19 18:10 - 2011-04-08 22:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
    2013-01-19 18:10 - 2011-04-08 21:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2013-01-19 18:10 - 2010-12-23 02:42 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
    2013-01-19 18:10 - 2010-12-23 02:42 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
    2013-01-19 18:10 - 2010-12-23 02:36 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
    2013-01-19 18:10 - 2010-12-22 21:54 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
    2013-01-19 18:10 - 2010-12-22 21:54 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2013-01-19 18:10 - 2010-12-22 21:50 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
    2013-01-19 18:09 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-01-19 18:09 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-01-19 18:09 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-01-19 18:09 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-01-19 18:09 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-01-19 18:09 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-01-19 18:09 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-01-19 18:09 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-01-19 18:09 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-01-19 18:09 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-01-19 18:09 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-01-19 18:09 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-01-19 18:09 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-01-19 18:09 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-01-19 18:09 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
    2013-01-19 18:09 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
    2013-01-19 18:09 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-01-19 18:09 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-01-19 18:09 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2013-01-19 18:09 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2013-01-19 18:09 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-01-19 18:09 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-01-19 18:09 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-01-19 18:09 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-01-19 18:09 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-01-19 18:09 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-01-19 18:09 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-01-19 18:09 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-01-19 18:09 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2013-01-19 18:09 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2013-01-19 18:09 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2013-01-19 18:09 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2013-01-19 18:09 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2013-01-19 18:09 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2013-01-19 18:09 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-01-19 18:09 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-01-19 18:09 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-01-19 18:09 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2013-01-19 18:09 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-01-19 18:09 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-01-19 18:09 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2013-01-19 18:09 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2013-01-19 18:09 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2013-01-19 18:09 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2013-01-19 18:09 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-01-19 18:09 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-01-19 18:09 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-01-19 18:09 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-01-19 18:09 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-01-19 18:09 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-01-19 18:09 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2013-01-19 18:09 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2013-01-19 18:09 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2013-01-19 18:09 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2013-01-19 18:09 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2013-01-19 18:09 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2013-01-19 18:09 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2013-01-19 18:09 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2013-01-19 18:09 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-01-19 18:09 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-01-19 18:09 - 2011-12-29 22:26 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
    2013-01-19 18:09 - 2011-12-29 21:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2013-01-19 18:09 - 2011-12-27 19:59 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2013-01-19 18:09 - 2011-11-16 22:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2013-01-19 18:09 - 2011-11-16 22:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2013-01-19 18:09 - 2011-11-16 22:35 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2013-01-19 18:09 - 2011-11-16 22:35 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2013-01-19 18:09 - 2011-11-16 22:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2013-01-19 18:09 - 2011-11-16 21:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2013-01-19 18:09 - 2011-10-25 21:25 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2013-01-19 18:09 - 2011-10-25 21:21 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-01-19 18:09 - 2011-10-25 20:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2013-01-19 18:09 - 2011-08-26 21:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2013-01-19 18:09 - 2011-08-26 21:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2013-01-19 18:09 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2013-01-19 18:09 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
    2013-01-19 18:09 - 2011-08-16 21:26 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
    2013-01-19 18:09 - 2011-08-16 21:25 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
    2013-01-19 18:09 - 2011-08-16 20:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
    2013-01-19 18:09 - 2011-08-16 20:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
    2013-01-19 18:09 - 2011-06-15 02:02 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
    2013-01-19 18:09 - 2011-06-15 02:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
    2013-01-19 18:09 - 2011-06-15 02:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
    2013-01-19 18:09 - 2011-06-15 02:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
    2013-01-19 18:09 - 2011-06-15 00:55 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
    2013-01-19 18:09 - 2011-06-15 00:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
    2013-01-19 18:09 - 2011-06-15 00:55 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
    2013-01-19 18:09 - 2011-06-15 00:55 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
    2013-01-19 18:09 - 2011-06-15 00:55 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
    2013-01-19 18:09 - 2011-05-24 03:42 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
    2013-01-19 18:09 - 2011-05-24 02:40 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
    2013-01-19 18:09 - 2011-05-24 02:40 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
    2013-01-19 18:09 - 2011-05-24 02:39 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
    2013-01-19 18:09 - 2011-05-24 02:37 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
    2013-01-19 18:09 - 2011-04-28 19:06 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2013-01-19 18:09 - 2011-04-28 19:05 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2013-01-19 18:09 - 2011-04-28 19:05 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2013-01-19 18:09 - 2011-04-22 14:15 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
    2013-01-19 18:09 - 2011-03-12 04:08 - 01465344 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2013-01-19 18:09 - 2011-03-12 03:23 - 00870912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2013-01-19 18:09 - 2011-03-10 22:34 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
    2013-01-19 18:09 - 2011-03-10 22:34 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
    2013-01-19 18:09 - 2011-03-10 21:33 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
    2013-01-19 18:09 - 2011-03-10 21:33 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
    2013-01-19 18:09 - 2011-03-02 22:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
    2013-01-19 18:09 - 2011-03-02 22:24 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
    2013-01-19 18:09 - 2011-03-02 22:21 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
    2013-01-19 18:09 - 2011-03-02 21:38 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2013-01-19 18:09 - 2011-03-02 21:36 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
    2013-01-19 18:09 - 2011-02-24 22:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
    2013-01-19 18:09 - 2011-02-24 21:30 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2013-01-19 18:09 - 2011-02-23 22:15 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-01-19 18:09 - 2011-02-23 21:38 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-01-19 18:09 - 2011-02-05 09:10 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
    2013-01-19 18:09 - 2011-02-05 09:10 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
    2013-01-19 18:09 - 2011-02-05 09:10 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
    2013-01-19 18:09 - 2011-02-05 09:10 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
    2013-01-19 18:09 - 2011-02-05 09:06 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2013-01-19 18:09 - 2011-02-05 09:06 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2013-01-19 18:09 - 2011-02-05 09:06 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2013-01-19 18:09 - 2011-01-17 03:09 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2013-01-19 18:09 - 2011-01-16 21:47 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2013-01-19 18:09 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2013-01-19 18:09 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2013-01-19 18:08 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2013-01-19 18:08 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2013-01-19 18:08 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2013-01-19 18:08 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2013-01-19 18:08 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2013-01-19 18:08 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2013-01-19 18:08 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2013-01-19 18:07 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2013-01-19 18:07 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2013-01-19 18:07 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2013-01-19 18:07 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2013-01-19 18:07 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2013-01-19 18:07 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2013-01-19 18:07 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2013-01-19 18:07 - 2011-11-19 06:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2013-01-19 18:07 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2013-01-19 18:07 - 2011-11-16 22:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-01-19 18:07 - 2011-11-16 21:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-01-19 18:07 - 2011-10-14 22:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2013-01-19 18:07 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2013-01-19 18:07 - 2011-05-02 21:29 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2013-01-19 18:07 - 2011-05-02 20:30 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2013-01-19 18:07 - 2011-02-22 20:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2013-01-19 18:07 - 2011-02-18 02:51 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    2013-01-19 18:07 - 2011-02-17 21:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    2013-01-19 18:07 - 2011-02-12 03:34 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Users\All Users\AMD
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2013-01-19 17:58 - 2013-01-19 17:58 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\DAEMON Tools Pro
    2013-01-19 17:58 - 2013-01-19 17:58 - 00000000 ____D C:\Users\All Users\DAEMON Tools Pro
    2013-01-19 17:56 - 2013-01-20 11:21 - 00000000 ____D C:\Windows\Downloaded Installations
    2013-01-19 17:56 - 2013-01-19 17:56 - 00000000 ____D C:\Program Files (x86)\AMD
    2013-01-19 17:53 - 2013-01-20 11:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-01-19 17:53 - 2013-01-19 18:36 - 00000000 ____D C:\Program Files (x86)\ASUS
    2013-01-19 17:53 - 2010-12-28 03:19 - 00028672 ___RA (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
    2013-01-19 17:53 - 2008-01-04 11:34 - 00011832 ____A C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
    2013-01-19 17:53 - 2008-01-04 11:34 - 00010216 ____A C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
    2013-01-19 17:52 - 2013-01-19 17:52 - 00007704 ____A C:\Windows\DPINST.LOG
    2013-01-19 17:52 - 2013-01-19 17:52 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
    2013-01-19 17:48 - 2013-01-19 18:35 - 00000000 ____D C:\Program Files (x86)\Realtek
    2013-01-19 17:44 - 2013-01-19 17:44 - 00000000 ____D C:\Program Files\Realtek
    2013-01-19 17:44 - 2011-12-12 19:01 - 01698408 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2013-01-19 17:43 - 2010-05-19 23:30 - 00016440 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\Drivers\AtiPcie.sys
    2013-01-19 17:42 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files\ATI Technologies
    2013-01-19 17:42 - 2013-01-19 17:42 - 00000000 ____D C:\Program Files\ATI
    2013-01-19 17:40 - 2013-01-19 18:34 - 00039544 ____A C:\Windows\Ascd_tmp.ini
    2013-01-19 17:40 - 2013-01-19 18:34 - 00001769 ____A C:\Windows\Language_trs.ini
    2013-01-19 17:09 - 2013-01-19 17:10 - 00003747 ____A C:\Windows\IE9_main.log
    2013-01-19 17:09 - 2013-01-19 17:09 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-01-19 17:09 - 2013-01-19 17:09 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2013-01-19 17:09 - 2013-01-19 17:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-01-19 17:09 - 2013-01-19 17:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-01-19 17:09 - 2013-01-19 17:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-01-19 17:09 - 2013-01-19 17:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-01-19 17:09 - 2013-01-19 17:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-01-19 17:09 - 2013-01-19 17:09 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-01-19 17:09 - 2013-01-19 17:09 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2013-01-19 17:09 - 2013-01-19 17:09 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-01-19 17:09 - 2013-01-19 17:09 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-01-19 17:07 - 2013-01-19 17:07 - 00002029 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
    2013-01-19 17:06 - 2013-01-19 17:06 - 00000000 ____D C:\Program Files\Microsoft LifeCam
    2013-01-19 17:06 - 2013-01-19 17:06 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
    2013-01-19 17:06 - 2009-09-04 15:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2013-01-19 17:06 - 2009-09-04 15:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2013-01-19 16:58 - 2012-02-16 22:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
    2013-01-19 16:58 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
    2013-01-19 16:58 - 2012-02-16 20:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
    2013-01-19 16:55 - 2013-01-31 12:07 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\VirtualStore
    2013-01-19 16:55 - 2013-01-30 10:25 - 00000000 ____D C:\users\S&M Productions
    2013-01-19 16:55 - 2013-01-19 16:55 - 00000020 ___SH C:\Users\S&M Productions\ntuser.ini
    2013-01-19 16:55 - 2013-01-19 16:55 - 00000000 __SHD C:\Recovery
    2013-01-19 16:55 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2013-01-19 16:55 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2013-01-19 16:55 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2013-01-19 16:55 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2013-01-19 16:55 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2013-01-19 16:55 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2013-01-19 16:55 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2013-01-19 16:55 - 2012-06-02 13:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2013-01-19 16:55 - 2012-06-02 13:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2013-01-19 16:54 - 2013-01-31 19:24 - 01668882 ____A C:\Windows\WindowsUpdate.log
    2013-01-19 06:49 - 2013-01-19 06:49 - 00001355 ____A C:\Windows\TSSysprep.log
    2013-01-19 06:46 - 2013-01-19 16:55 - 00000000 ____D C:\Windows\Panther

    ==================== One Month Modified Files and Folders =======

    2013-01-31 21:39 - 2013-01-31 21:39 - 00000000 ____D C:\FRST
    2013-01-31 19:25 - 2013-01-20 10:25 - 00010669 ____A C:\Windows\setupact.log
    2013-01-31 19:25 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-31 19:24 - 2013-01-19 16:54 - 01668882 ____A C:\Windows\WindowsUpdate.log
    2013-01-31 19:15 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-31 18:51 - 2013-01-19 20:46 - 00000968 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1019132598-1382531263-2789852734-1001UA.job
    2013-01-31 18:42 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-31 18:42 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-31 18:36 - 2013-01-19 20:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-31 15:21 - 2010-11-20 19:47 - 00415204 ____A C:\Windows\PFRO.log
    2013-01-31 14:41 - 2013-01-31 14:41 - 00001330 ____A C:\AdwCleaner[S1].txt
    2013-01-31 14:41 - 2013-01-31 14:41 - 00001223 ____A C:\AdwCleaner[R2].txt
    2013-01-31 14:40 - 2013-01-31 14:40 - 00001163 ____A C:\AdwCleaner[R1].txt
    2013-01-31 14:28 - 2013-01-20 14:34 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\CrashDumps
    2013-01-31 14:27 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-01-31 14:26 - 2013-01-31 14:26 - 00000000 ____D C:\Program Files (x86)\CPUID
    2013-01-31 12:07 - 2013-01-19 16:55 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\VirtualStore
    2013-01-31 10:56 - 2013-01-31 10:56 - 00000000 ____D C:\Users\All Users\Yahoo!
    2013-01-31 10:56 - 2013-01-20 08:17 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2013-01-31 09:53 - 2013-01-31 09:53 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-01-30 10:26 - 2013-01-20 09:10 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\vlc
    2013-01-30 10:25 - 2013-01-30 10:25 - 00000000 ____D C:\Users\S&M Productions\dwhelper
    2013-01-30 10:25 - 2013-01-19 16:55 - 00000000 ____D C:\users\S&M Productions
    2013-01-29 04:53 - 2013-01-29 04:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2013-01-28 16:28 - 2013-01-20 14:34 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Google
    2013-01-28 16:28 - 2013-01-20 14:33 - 00000000 ____D C:\Program Files (x86)\Google
    2013-01-27 17:23 - 2013-01-20 14:32 - 00000000 ____D C:\Users\All Users\Adobe
    2013-01-27 17:22 - 2013-01-21 08:59 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Adobe
    2013-01-27 17:22 - 2013-01-19 20:44 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Adobe
    2013-01-27 11:42 - 2013-01-27 11:42 - 00000000 ____D C:\Program Files (x86)\ConvertHelper
    2013-01-27 11:39 - 2013-01-27 11:39 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Macromedia
    2013-01-27 11:39 - 2013-01-19 20:44 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-27 11:39 - 2013-01-19 20:44 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-26 20:51 - 2013-01-19 20:46 - 00000916 ____A C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1019132598-1382531263-2789852734-1001Core.job
    2013-01-23 16:04 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
    2013-01-23 04:12 - 2013-01-19 19:05 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2013-01-22 05:32 - 2013-01-20 08:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-01-21 20:26 - 2013-01-20 11:29 - 00000000 ____D C:\Users\S&M Productions\Documents\My Kindle Content
    2013-01-21 09:02 - 2013-01-21 09:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
    2013-01-21 09:00 - 2013-01-21 09:00 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2013-01-21 09:00 - 2013-01-21 09:00 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2013-01-21 09:00 - 2013-01-20 14:33 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-01-21 07:09 - 2013-01-21 07:09 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Mozilla
    2013-01-21 07:09 - 2013-01-21 07:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-01-21 07:09 - 2013-01-20 08:11 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Mozilla
    2013-01-21 04:31 - 2013-01-20 09:50 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2013-01-21 04:29 - 2013-01-20 09:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2013-01-21 04:27 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2013-01-20 19:30 - 2013-01-20 19:30 - 625483677 ____N C:\Windows\MEMORY.DMP
    2013-01-20 19:30 - 2013-01-20 19:30 - 00275736 ____A C:\Windows\Minidump\012013-24960-01.dmp
    2013-01-20 19:30 - 2013-01-20 19:30 - 00000000 ____D C:\Windows\Minidump
    2013-01-20 14:39 - 2013-01-20 14:39 - 00308640 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-01-20 14:39 - 2013-01-20 14:39 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-01-20 14:39 - 2013-01-20 14:39 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-01-20 14:39 - 2013-01-20 14:39 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-01-20 14:39 - 2013-01-20 14:39 - 00000000 ____D C:\Windows\Sun
    2013-01-20 14:39 - 2013-01-20 14:39 - 00000000 ____D C:\Program Files\Java
    2013-01-20 14:39 - 2013-01-19 20:54 - 01081760 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2013-01-20 14:39 - 2013-01-19 20:54 - 00960416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2013-01-20 14:31 - 2013-01-20 08:07 - 00000000 ___DC C:\Users\S&M Productions\AppData\Local\MigWiz
    2013-01-20 13:24 - 2013-01-20 12:56 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy
    2013-01-20 12:57 - 2013-01-20 12:56 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\AccurateRip
    2013-01-20 12:56 - 2013-01-20 12:56 - 00001074 ____A C:\Users\Public\Desktop\Exact Audio Copy.lnk
    2013-01-20 12:56 - 2013-01-20 12:56 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\EAC
    2013-01-20 12:45 - 2013-01-20 12:40 - 00000000 ____D C:\Program Files (x86)\EasyTAG
    2013-01-20 12:45 - 2013-01-19 18:29 - 00108816 ____A C:\Users\S&M Productions\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-01-20 12:45 - 2009-07-13 20:45 - 00413992 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-20 12:42 - 2013-01-20 12:41 - 00000000 ____D C:\Users\S&M Productions\.gimp-2.8
    2013-01-20 12:41 - 2013-01-20 12:41 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\gegl-0.2
    2013-01-20 12:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-01-20 11:29 - 2013-01-20 11:29 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Amazon
    2013-01-20 11:22 - 2013-01-20 11:22 - 00000000 ____D C:\Users\All Users\Amazon
    2013-01-20 11:22 - 2013-01-20 11:22 - 00000000 ____D C:\Program Files (x86)\Amazon
    2013-01-20 11:22 - 2013-01-19 17:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-01-20 11:21 - 2013-01-19 17:56 - 00000000 ____D C:\Windows\Downloaded Installations
    2013-01-20 11:10 - 2013-01-20 11:09 - 00000000 ____D C:\Program Files (x86)\DVD Decrypter
    2013-01-20 11:09 - 2013-01-20 11:09 - 00001976 ____A C:\Users\S&M Productions\Desktop\DVD Decrypter.lnk
    2013-01-20 11:07 - 2013-01-20 11:07 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
    2013-01-20 11:01 - 2013-01-20 11:01 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2013-01-20 10:55 - 2013-01-20 10:55 - 00001101 ____A C:\Users\S&M Productions\Desktop\Music Files.lnk
    2013-01-20 10:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-01-20 10:27 - 2013-01-20 10:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-01-20 10:27 - 2013-01-20 10:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-01-20 10:25 - 2013-01-20 10:25 - 00000000 ____A C:\Windows\setuperr.log
    2013-01-20 10:18 - 2013-01-20 10:18 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2013-01-20 10:12 - 2013-01-20 09:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2013-01-20 10:07 - 2013-01-20 10:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2013-01-20 10:07 - 2013-01-20 10:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2013-01-20 09:51 - 2013-01-20 09:51 - 00000000 ____D C:\Windows\PCHEALTH
    2013-01-20 09:51 - 2013-01-20 09:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
    2013-01-20 09:51 - 2011-04-12 00:28 - 00000000 ____D C:\Windows\ShellNew
    2013-01-20 09:51 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2013-01-20 09:51 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2013-01-20 09:50 - 2013-01-20 09:50 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Microsoft Help
    2013-01-20 09:50 - 2013-01-20 09:50 - 00000000 ____D C:\Program Files\Microsoft Office
    2013-01-20 09:50 - 2013-01-20 09:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2013-01-20 09:49 - 2013-01-20 09:49 - 00000000 __RHD C:\MSOCache
    2013-01-20 09:43 - 2013-01-20 09:40 - 00002560 __ASH C:\Users\S&M Productions\Documents\Thumbs.db
    2013-01-20 09:34 - 2013-01-20 09:34 - 00000000 ____D C:\Program Files (x86)\MozBackup
    2013-01-20 09:33 - 2013-01-20 09:33 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\ImgBurn
    2013-01-20 09:33 - 2013-01-20 09:33 - 00000000 ____D C:\Program Files (x86)\ImgBurn
    2013-01-20 09:23 - 2013-01-20 09:23 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
    2013-01-20 09:10 - 2013-01-20 09:10 - 00000000 ____D C:\Program Files (x86)\VideoLAN
    2013-01-20 08:51 - 2013-01-20 08:42 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Winamp
    2013-01-20 08:51 - 2013-01-20 08:42 - 00000000 ____D C:\Program Files (x86)\Winamp
    2013-01-20 08:43 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\091030 CyberLink_files
    2013-01-20 08:42 - 2013-01-20 08:42 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
    2013-01-20 08:19 - 2013-01-20 08:19 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Yahoo!
    2013-01-20 08:12 - 2013-01-20 08:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2013-01-20 08:11 - 2013-01-20 08:11 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Thunderbird
    2013-01-20 08:11 - 2013-01-20 08:11 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\Thunderbird
    2013-01-20 08:11 - 2013-01-20 08:11 - 00000000 ____D C:\Users\All Users\Mozilla
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\Draft Results - Free Fantasy Football 2012 Fantasy Football - NFL.com_files
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\CyberLink CyberStore_files
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\CyberLink
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\BSN Files
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\Amazon MP3 Uploader
    2013-01-20 07:53 - 2013-01-20 07:53 - 00000000 ____D C:\Users\S&M Productions\Documents\Amazon MP3
    2013-01-20 00:45 - 2013-01-19 22:20 - 00000000 ____D C:\Users\All Users\Acronis
    2013-01-19 22:43 - 2013-01-19 22:43 - 00000000 _RSHD C:\acroldr
    2013-01-19 22:41 - 2013-01-19 22:24 - 00001269 ____A C:\Users\Public\Desktop\Acronis True Image.lnk
    2013-01-19 22:41 - 2013-01-19 22:20 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Acronis
    2013-01-19 22:38 - 2013-01-19 22:24 - 00000000 ____D C:\Program Files (x86)\Acronis
    2013-01-19 22:24 - 2013-01-19 22:24 - 01263200 ____A (Acronis) C:\Windows\System32\Drivers\tdrpm273.sys
    2013-01-19 22:24 - 2013-01-19 22:24 - 00970336 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
    2013-01-19 22:24 - 2013-01-19 22:24 - 00285280 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
    2013-01-19 22:24 - 2013-01-19 22:24 - 00277088 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
    2013-01-19 21:29 - 2013-01-19 21:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-19 21:28 - 2013-01-19 21:28 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Malwarebytes
    2013-01-19 21:28 - 2013-01-19 21:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-19 21:19 - 2013-01-19 21:19 - 00859552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-01-19 21:19 - 2013-01-19 21:19 - 00780192 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-01-19 21:19 - 2013-01-19 21:19 - 00261024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-01-19 21:19 - 2013-01-19 21:19 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-01-19 21:19 - 2013-01-19 21:19 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-01-19 21:19 - 2013-01-19 21:19 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-01-19 21:19 - 2013-01-19 21:19 - 00000000 ____D C:\Users\All Users\Sun
    2013-01-19 21:19 - 2013-01-19 21:19 - 00000000 ____D C:\Users\All Users\McAfee
    2013-01-19 21:19 - 2013-01-19 21:19 - 00000000 ____D C:\Program Files (x86)\Java
    2013-01-19 21:09 - 2013-01-19 21:09 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Leadertech
    2013-01-19 21:09 - 2013-01-19 21:09 - 00000000 ____D C:\Users\Public\Documents\Logishrd
    2013-01-19 21:09 - 2013-01-19 21:08 - 00000000 ____D C:\Users\All Users\Logitech
    2013-01-19 21:09 - 2013-01-19 21:07 - 00000000 ____D C:\Users\All Users\Logishrd
    2013-01-19 21:09 - 2013-01-19 21:06 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Logitech
    2013-01-19 21:08 - 2013-01-19 21:08 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2013-01-19 21:08 - 2013-01-19 21:08 - 00009585 ____A C:\Windows\LDPINST.LOG
    2013-01-19 21:08 - 2013-01-19 21:08 - 00001276 ____A C:\Windows\LkmdfCoInst.log
    2013-01-19 21:08 - 2013-01-19 21:07 - 00000000 ____D C:\Program Files\Common Files\Logishrd
    2013-01-19 21:07 - 2013-01-19 21:07 - 00000000 ____D C:\Program Files\Logitech
    2013-01-19 21:06 - 2013-01-19 21:06 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Logishrd
    2013-01-19 20:46 - 2013-01-19 20:46 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\RockMelt
    2013-01-19 20:44 - 2013-01-19 20:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2013-01-19 20:44 - 2013-01-19 20:44 - 00000000 ____D C:\Windows\System32\Macromed
    2013-01-19 20:44 - 2013-01-19 20:44 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\Macromedia
    2013-01-19 20:17 - 2013-01-19 20:17 - 00000000 ____D C:\Program Files (x86)\OI App Manager
    2013-01-19 19:50 - 2013-01-19 19:50 - 00000000 ____D C:\Program Files (x86)\APC
    2013-01-19 19:49 - 2013-01-19 19:49 - 13923704 ____A (Schneider Electric) C:\Users\S&M Productions\PCPE Setup.exe
    2013-01-19 19:49 - 2013-01-19 19:49 - 13338112 ____A C:\Users\S&M Productions\PCPE_3.0.1.msi
    2013-01-19 19:49 - 2013-01-19 19:49 - 01079808 ____A (Microsoft Corporation) C:\Users\S&M Productions\mfc80u.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00626688 ____A (Microsoft Corporation) C:\Users\S&M Productions\msvcr80.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021880 ____A (Schneider Electric) C:\Users\S&M Productions\grm_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021880 ____A (Schneider Electric) C:\Users\S&M Productions\fr_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021368 ____A (Schneider Electric) C:\Users\S&M Productions\pt_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021368 ____A (Schneider Electric) C:\Users\S&M Productions\it_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021368 ____A (Schneider Electric) C:\Users\S&M Productions\es_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00021368 ____A (Schneider Electric) C:\Users\S&M Productions\en_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00020856 ____A (Schneider Electric) C:\Users\S&M Productions\ru_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00020344 ____A (Schneider Electric) C:\Users\S&M Productions\jp_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00019832 ____A (Schneider Electric) C:\Users\S&M Productions\zh_res.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00018808 ____A C:\Users\S&M Productions\ResourceReader.dll
    2013-01-19 19:49 - 2013-01-19 19:49 - 00000550 ____A C:\Users\S&M Productions\Microsoft.VC80.MFC.manifest
    2013-01-19 19:49 - 2013-01-19 19:49 - 00000522 ____A C:\Users\S&M Productions\Microsoft.VC80.CRT.manifest
    2013-01-19 19:49 - 2013-01-19 19:49 - 00000012 ____A C:\Users\S&M Productions\dotnetfolder.txt
    2013-01-19 19:14 - 2013-01-19 19:14 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
    2013-01-19 19:06 - 2013-01-19 19:06 - 00000000 ____D C:\Users\S&M Productions\Documents\Symantec
    2013-01-19 19:06 - 2013-01-19 19:00 - 00000000 ____D C:\Users\All Users\Norton
    2013-01-19 19:05 - 2013-01-19 19:05 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2013-01-19 19:05 - 2013-01-19 19:05 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2013-01-19 19:05 - 2013-01-19 19:05 - 00000000 ____D C:\Program Files\Symantec
    2013-01-19 19:05 - 2013-01-19 19:05 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-01-19 19:05 - 2013-01-19 19:05 - 00000000 ____D C:\Program Files (x86)\Norton 360 Premier Edition
    2013-01-19 19:00 - 2013-01-19 19:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2013-01-19 18:36 - 2013-01-19 17:53 - 00000000 ____D C:\Program Files (x86)\ASUS
    2013-01-19 18:35 - 2013-01-19 17:48 - 00000000 ____D C:\Program Files (x86)\Realtek
    2013-01-19 18:34 - 2013-01-19 17:40 - 00039544 ____A C:\Windows\Ascd_tmp.ini
    2013-01-19 18:34 - 2013-01-19 17:40 - 00001769 ____A C:\Windows\Language_trs.ini
    2013-01-19 18:33 - 2013-01-19 18:33 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\ATI
    2013-01-19 18:33 - 2013-01-19 18:33 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\ATI
    2013-01-19 18:33 - 2013-01-19 18:33 - 00000000 ____D C:\Users\S&M Productions\AppData\Local\AMD
    2013-01-19 18:33 - 2013-01-19 18:33 - 00000000 ____D C:\Users\All Users\ATI
    2013-01-19 18:22 - 2013-01-19 18:22 - 00000000 ____A C:\Windows\ativpsrm.bin
    2013-01-19 18:21 - 2011-04-12 00:28 - 00000000 ____D C:\Program Files\Windows Journal
    2013-01-19 18:21 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Users\All Users\AMD
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2013-01-19 18:05 - 2013-01-19 18:05 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2013-01-19 18:05 - 2013-01-19 17:42 - 00000000 ____D C:\Program Files\ATI Technologies
    2013-01-19 17:58 - 2013-01-19 17:58 - 00000000 ____D C:\Users\S&M Productions\AppData\Roaming\DAEMON Tools Pro
    2013-01-19 17:58 - 2013-01-19 17:58 - 00000000 ____D C:\Users\All Users\DAEMON Tools Pro
    2013-01-19 17:56 - 2013-01-19 17:56 - 00000000 ____D C:\Program Files (x86)\AMD
    2013-01-19 17:52 - 2013-01-19 17:52 - 00007704 ____A C:\Windows\DPINST.LOG
    2013-01-19 17:52 - 2013-01-19 17:52 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
    2013-01-19 17:44 - 2013-01-19 17:44 - 00000000 ____D C:\Program Files\Realtek
    2013-01-19 17:42 - 2013-01-19 17:42 - 00000000 ____D C:\Program Files\ATI
    2013-01-19 17:10 - 2013-01-19 17:09 - 00003747 ____A C:\Windows\IE9_main.log
    2013-01-19 17:09 - 2013-01-19 17:09 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-01-19 17:09 - 2013-01-19 17:09 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2013-01-19 17:09 - 2013-01-19 17:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-01-19 17:09 - 2013-01-19 17:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-01-19 17:09 - 2013-01-19 17:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-01-19 17:09 - 2013-01-19 17:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-01-19 17:09 - 2013-01-19 17:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-01-19 17:09 - 2013-01-19 17:09 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-01-19 17:09 - 2013-01-19 17:09 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2013-01-19 17:09 - 2013-01-19 17:09 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-01-19 17:09 - 2013-01-19 17:09 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-01-19 17:09 - 2013-01-19 17:09 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-01-19 17:09 - 2013-01-19 17:09 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-01-19 17:07 - 2013-01-19 17:07 - 00002029 ____A C:\Users\Public\Desktop\Microsoft LifeCam.lnk
    2013-01-19 17:06 - 2013-01-19 17:06 - 00000000 ____D C:\Program Files\Microsoft LifeCam
    2013-01-19 17:06 - 2013-01-19 17:06 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
    2013-01-19 16:55 - 2013-01-19 16:55 - 00000020 ___SH C:\Users\S&M Productions\ntuser.ini
    2013-01-19 16:55 - 2013-01-19 16:55 - 00000000 __SHD C:\Recovery
    2013-01-19 16:55 - 2013-01-19 06:46 - 00000000 ____D C:\Windows\Panther
    2013-01-19 16:55 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
    2013-01-19 16:55 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
    2013-01-19 16:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
    2013-01-19 06:49 - 2013-01-19 06:49 - 00001355 ____A C:\Windows\TSSysprep.log
    2013-01-19 06:49 - 2009-07-13 20:46 - 00002790 ____A C:\Windows\DtcInstall.log
    2013-01-19 06:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
    2013-01-19 06:46 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2013-01-19 06:46 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2013-01-16 11:57 - 2013-01-20 09:34 - 00000392 ____A C:\Users\S&M Productions\Documents\indexfile.txt

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-01-25 04:18:11
    Restore point made on: 2013-01-25 04:40:09
    Restore point made on: 2013-01-25 04:41:08
    Restore point made on: 2013-01-26 16:27:23
    Restore point made on: 2013-01-28 10:24:51
    Restore point made on: 2013-01-31 10:05:32
    Restore point made on: 2013-01-31 10:06:07
    Restore point made on: 2013-01-31 10:53:11
    Restore point made on: 2013-01-31 15:18:32
    Restore point made on: 2013-01-31 15:19:08

    ==================== Memory info ===========================

    Percentage of memory in use: 6%
    Total physical RAM: 16382.97 MB
    Available physical RAM: 15249.3 MB
    Total Pagefile: 16381.17 MB
    Available Pagefile: 15242.86 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:119.14 GB) (Free:92.02 GB) NTFS
    2 Drive d: (Music Files) (Fixed) (Total:698.63 GB) (Free:621.83 GB) NTFS
    4 Drive g: (Video & Picture Files) (Fixed) (Total:931.51 GB) (Free:821.02 GB) NTFS
    5 Drive h: () (Removable) (Total:1.86 GB) (Free:1.82 GB) NTFS
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 119 GB 0 B
    Disk 1 Online 698 GB 0 B
    Disk 2 Online 931 GB 1024 KB *
    Disk 3 Online 1907 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 66626DD9

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 119 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 119 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 1684C2E0

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 698 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D Music Files NTFS Partition 698 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Disk ID: CB5BD2B2

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Dynamic Data 931 GB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 42
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Partitions of Disk 3:
    ===============

    Disk ID: 00000000

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1907 MB 64 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H NTFS Removable 1907 MB Healthy

    =========================================================

    Last Boot: 2013-01-24 07:44

    ==================== End Of Log =============================

    with Services searched:

    Farbar Recovery Scan Tool (x64) Version: 01-02-2013 03
    Ran by SYSTEM at 2013-01-31 21:44:26
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======

    Thank you!
     
  5. colorsflashn

    colorsflashn Thread Starter

    Had a 2 hour delay to work due to weather so Mike and I attempted the DDS.scr procedure again.

    Saved to Desktop in Internet Explorer (which this morning the Home Page has now been changed)

    Double-clicked to run DDS.scr and a DOS window popped up with green text.

    Another box popped up advising of the operation in progress.

    Next, a box pops up advising that the 2 logs will be created and saved on desktop...

    Waited over 30 minutes (not knowing how long the process should actually take). Still no log files and PC freezes. This would be our 6th attempt at this. :confused:

    Thanks in advance. Again, we understand great volunteers assist here...just trying to get the info for your viewing!!!

    ~Susan & Mike ~
     
  6. colorsflashn

    colorsflashn Thread Starter

    My brother visited last month and used my laptop while here going to the VA. My laptop has been running horribly since then.

    Redirects in Google and Internet Explorer
    Mouse / keyboard issues - not typing first character, does not backspace or back arrow in browser not working
    Very sluggish

    I could not get the DDS to run and am wondering if it is due to the SSD drive that we replaced the original hard drive with.

    Please need some guidance on getting back to running normal. Thanks so much!

    Here are some logs to view.

    HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:41:58 PM, on 2/4/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Users\S&M Productions\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?qsrc=14137
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: CrossriderApp0021804 - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\coIEPlg.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKCU\..\Run: [Google Update] "C:\Users\S&M Productions\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\S&M Productions\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe
    --
    End of file - 6543 bytes


    Ark.txt Scan:

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-04 15:16:17
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000069 ATA_____ rev.040H 59.63GB
    Running: gmer.exe; Driver: C:\Users\S&MPRO~1\AppData\Local\Temp\pfdiakod.sys

    ---- System - GMER 2.0 ----
    SSDT 88239AC0 ZwAlertResumeThread
    SSDT 88239BA0 ZwAlertThread
    SSDT 8821F120 ZwAllocateVirtualMemory
    SSDT 87A42198 ZwAlpcConnectPort
    SSDT 881FD898 ZwAssignProcessToJobObject
    SSDT 866F8E38 ZwCreateMutant
    SSDT 881FD5B8 ZwCreateSymbolicLinkObject
    SSDT 87AE8238 ZwCreateThread
    SSDT 881FD6A8 ZwCreateThreadEx
    SSDT 881FD958 ZwDebugActiveProcess
    SSDT 88215120 ZwDuplicateObject
    SSDT 8822F120 ZwFreeVirtualMemory
    SSDT 866F8F28 ZwImpersonateAnonymousToken
    SSDT 882399E0 ZwImpersonateThread
    SSDT 87A475F0 ZwLoadDriver
    SSDT 88234110 ZwMapViewOfSection
    SSDT 866F8D58 ZwOpenEvent
    SSDT 881E5120 ZwOpenProcess
    SSDT 8821A130 ZwOpenProcessToken
    SSDT 866F8B98 ZwOpenSection
    SSDT 881EB120 ZwOpenThread
    SSDT 881FD7A8 ZwProtectVirtualMemory
    SSDT 88239E90 ZwResumeThread
    SSDT 881F7B18 ZwSetContextThread
    SSDT 866F78E8 ZwSetInformationProcess
    SSDT 866F8A50 ZwSetSystemInformation
    SSDT 866F8C78 ZwSuspendProcess
    SSDT 88239F70 ZwSuspendThread
    SSDT 87852C60 ZwTerminateProcess
    SSDT 881F7A38 ZwTerminateThread
    SSDT 88237110 ZwUnmapViewOfSection
    SSDT 88226120 ZwWriteVirtualMemory
    ---- Kernel code sections - GMER 2.0 ----
    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8284BA49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828854D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 8288C510 8 Bytes [C0, 9A, 23, 88, A0, 9B, 23, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 8288C528 4 Bytes [20, F1, 21, 88]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 8288C534 4 Bytes [98, 21, A4, 87]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8288C588 4 Bytes [98, D8, 1F, 88]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 8288C604 4 Bytes [38, 8E, 6F, 86]
    .text ...
    .text user32.dll!RecordShutdownReason + 372 778706C2 7 Bytes [E9, 69, 02, 98, 88, EB, F9] {JMP 0x8898026e; JMP 0x0}
    .text sechost.dll!LsaLookupGetDomainInfo 76D34D57 7 Bytes [E9, B4, B4, 4B, 89, EB, F9] {JMP 0x894bb4b9; JMP 0x0}
    .text sechost.dll!SetServiceObjectSecurity + CE 76D3524F 7 Bytes [E9, 84, B1, 4B, 89, EB, F9] {JMP 0x894bb189; JMP 0x0}
    .text sechost.dll!ChangeServiceConfigA + 17C 76D353D0 7 Bytes [E9, AF, B2, 4B, 89, EB, F9] {JMP 0x894bb2b4; JMP 0x0}
    .text sechost.dll!ChangeServiceConfig2W + 95 76D35677 7 Bytes [E9, 40, AE, 4B, 89, EB, F9] {JMP 0x894bae45; JMP 0x0}
    .text sechost.dll!CreateServiceA + 21E 76D3589A 7 Bytes [E9, 8D, A8, 4B, 89, EB, F9] {JMP 0x894ba892; JMP 0x0}
    .text sechost.dll!CreateServiceW + 17E 76D35A1D 7 Bytes [E9, 2A, AE, 4B, 89, EB, F9] {JMP 0x894bae2f; JMP 0x0}
    .text sechost.dll!QueryServiceConfigW + 172 76D35C9B 7 Bytes [E9, 00, A9, 4B, 89, EB, F9] {JMP 0x894ba905; JMP 0x0}
    .text sechost.dll!ControlServiceExA + E7 76D35D87 7 Bytes [E9, DC, A9, 4B, 89, EB, F9] {JMP 0x894ba9e1; JMP 0x0}
    .text sechost.dll!I_ScValidatePnPService + 5A9 76D37146 7 Bytes [E9, FD, 8E, 4B, 89, EB, F9] {JMP 0x894b8f02; JMP 0x0}
    .text sechost.dll!I_ScBroadcastServiceControlMessage + 7B 76D37240 7 Bytes [E9, AF, 90, 4B, 89, EB, F9] {JMP 0x894b90b4; JMP 0x0}
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Winamp\winampa.exe[668] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0002004C
    .text C:\Program Files\Winamp\winampa.exe[668] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 00240930
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0002004C
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1564] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 00100930
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1684] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 00A8004C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1684] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 00AA0930
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1728] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0010004C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1728] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 00120930
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1752] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0002004C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1752] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 002E0930
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1884] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 00A8004C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1884] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 00AA0930
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0002004C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 00300AF4
    .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2268] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0033004C
    .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2268] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 00350930
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2484] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0002004C
    .text C:\Users\S&M Productions\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe[2484] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 001A0930
    .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2764] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0002004C
    .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2764] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 002F0930
    .text C:\Users\S&M Productions\Desktop\gmer.exe[3324] ntdll.dll!NtTerminateThread 77B968D8 5 Bytes JMP 0002004C
    .text C:\Users\S&M Productions\Desktop\gmer.exe[3324] USER32.dll!RecordShutdownReason + 372 778706C2 7 Bytes JMP 001F0930
    ---- User IAT/EAT - GMER 2.0 ----
    IAT C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2708] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C1FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2708] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C1FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2708] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C1FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2708] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C1FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2708] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C1FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2708] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75C1FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    ---- EOF - GMER 2.0 ----

    AdwCleaner Scan:

    # AdwCleaner v2.110 - Logfile created 02/04/2013 at 11:54:08
    # Updated 03/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : S&M Productions - MALSKL-LAPTOPA
    # Boot Mode : Normal
    # Running from : C:\Users\S&M Productions\Desktop\AdwCleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Program Files\Coupon Companion Plugin
    Folder Found : C:\Users\S&M Productions\AppData\Local\Coupon Companion Plugin
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Found : HKU\S-1-5-21-2735301868-114186544-2551974254-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?qsrc=14137
    -\\ Google Chrome v24.0.1312.57
    File : C:\Users\S&M Productions\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found [l.18] : urls_to_restore_on_startup = [ "hxxp://www.ask.com/" ]
    Found [l.1983] : urls_to_restore_on_startup = [ "hxxp://www.ask.com/" ]
    *************************
    AdwCleaner[R1].txt - [3573 octets] - [04/02/2013 10:30:40]
    AdwCleaner[R2].txt - [3633 octets] - [04/02/2013 10:35:25]
    AdwCleaner[R3].txt - [3693 octets] - [04/02/2013 10:40:09]
    AdwCleaner[R4].txt - [3753 octets] - [04/02/2013 10:44:29]
    AdwCleaner[R5].txt - [3684 octets] - [04/02/2013 11:54:08]
    ########## EOF - C:\AdwCleaner[R5].txt - [3744 octets] ##########


    Un_install List from HiJackThis:

    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.5)
    Coupon Companion Plugin
    eReg
    Google Chrome
    Google Update Helper
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java 7 Update 11
    Logitech SetPoint 6.51
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Norton 360 Premier Edition
    Revo Uninstaller 1.94
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    TOSHIBA Hardware Setup
    TOSHIBA Supervisor Password
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 2.0.1
    Winamp



    I had started a thread on my husband's computer last week but understand that you all volunteer here. Any assistance would be greatly appreciated.

    Take Care!

    Susan
     
  7. colorsflashn

    colorsflashn Thread Starter

    Joined:
    Jan 20, 2013
    Messages:
    1,085
    P.S. Old Man Flu has had a grip on me so if I did not do anything correctly, please let me know!


    Thought this might be helpful:

    MGADiagnostic:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-6XRF2-3D8JW-3TMT9
    Windows Product Key Hash: 1n4h1Y28BinO8J2ly0m/HCOPQTc=
    Windows Product ID: 00359-112-7173244-85536
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {E989726E-BC3E-425C-941C-FAC1FE3E1C80}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Users\S&M Productions\AppData\Local\RockMelt\Application\rockmelt.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E989726E-BC3E-425C-941C-FAC1FE3E1C80}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3TMT9</PKey><PID>00359-112-7173244-85536</PID><PIDType>5</PIDType><SID>S-1-5-21-2735301868-114186544-2551974254</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L305</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>2.20</Version><SMBIOSVersion major="2" minor="4"/><Date>20091209000000.000000+000</Date></BIOS><HWID>E6863A07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>64BC76978749586</Val><Hash>GW6PzcEVEDTVKeO5Ym5UUm41dBk=</Hash><Pid>89388-707-0441865-65969</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, RETAIL channel
    Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00170-112-717324-00-1033-7600.0000-1092012
    Installation ID: 022193944423320310710072485475235823146220212845168161
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3TMT9
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 2/4/2013 6:58:12 PM
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:25:2013 22:02
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:

    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEAeqiuXbq1Rm6u7yT2xlH2TMA2bGAqhQ==
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC TOSINV TOSINV00
    FACP TOSINV TOSINV00
    HPET TOSINV TOSINV00
    BOOT TOSINV TOSINV00
    MCFG TOSINV TOSINV00
    ASF! TOSINV TOSINV00
    SLIC TOSINV TOSINV00
    SSDT PmRef CpuPm
     
  8. colorsflashn

    colorsflashn Thread Starter

    Joined:
    Jan 20, 2013
    Messages:
    1,085
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz, x64 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 2939 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1341 Mb
    Hard Drives: C: Total - 60954 MB, Free - 39425 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: Norton 360 Premier Edition, Updated and Enabled
     
  9. colorsflashn

    colorsflashn Thread Starter

    Joined:
    Jan 20, 2013
    Messages:
    1,085
    Using Revo Uninstaller I was able to remove the File/Folder: Coupon Companion Plug In.

    During removal it also removed 28 Registry Items. The following were BOLDED:

    Coupon Companion Plug In_RASAI32
    Coupon Companion Plug In_RASMNCS
    Coupon Companion InternalInstaller_RASAPI32
    Coupon Companion InternalInstaller_RASMANCS

    I re-ran HiJackThis and the entries for that were no longer in the scan log. AdwCleaner did not see them any longer either.

    I still see that Crossrider thing in the registry. I have not cured/deleted anything at this point in AdwCleaner or done any fixes with HiJackThis.

    Thank you ~ Thank you
     
  10. colorsflashn

    colorsflashn Thread Starter

    Joined:
    Jan 20, 2013
    Messages:
    1,085
    Finding assistance in another forum...working on the 3rd of 5 computers in our Network. Thanks anyway;)
     

Short URL to this thread: https://techguy.org/1087737
