Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

zeroaccess.inf4 ............desporate for some help with this


  • This topic is locked This topic is locked
11 replies to this topic

#1 light190

light190

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 10 June 2013 - 02:14 AM

Hello, recently my machine has come down with a case of 

zeroaccess.inf4

I Apparently it steals my browsing history, it also ads extensions to browsers and redirects links. virus remove software that i have tried has failed and i cant find anything that shouldn't be on my machine or spot anything running that seams out of place. I saw another post about zeroaccesess today but didnt want to risk trying a solution that wasn't for me. Ive had allot of pc issues recently and cant afford anymore. Would be very grateful for some help, keen for a response 



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 10 June 2013 - 03:43 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

 

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

Pleae attach the gmer.txt to your reply:
  • Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
  • Click Upload.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 light190

light190
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 10 June 2013 - 04:58 AM

Hi Marius,

First i should say before you responded i did do a scan with combo fix and my browsers are acting normally now, also when i tried to attach the Gmer.txt, the computer blue screened so i posted the txt last in the post bebeth this one, i hope thats ok

 

here is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by Floyd (administrator) on 10-06-2013 19:23:24
Running from C:\Users\Floyd\AppData\Local\Opera\Opera\temporary_downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
(ASUS) C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHook64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ZTE Corporation) C:\Program Files\Pre-Paid Telstra WIFI 4G\DeviceMonitor_x64.exe
() C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
() C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe
() C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe
(Dropbox, Inc.) C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
(TP-LINK TECHNOLOGIES CO., LTD.) C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
() C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe [432640 2012-01-23] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-01-23] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [THPanel] "C:\Program Files (x86)\Thunder Master\THPanel.exe" /A [2049904 2012-11-26] (Palit Microsystems Ltd.)
HKCU\...\Run: [CancelAutoPlay] C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe [68096 2012-03-01] ()
HKCU\...\Run: [MediaInfo] C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe [410112 2013-05-27] ()
HKLM-x32\...\Run: [jswtrayutil] "C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe" [36949 2008-05-12] (TP-LINK TECHNOLOGIES CO., LTD.)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2245120 2009-07-24] (VIA)
HKLM-x32\...\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-05-10] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [611968 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [887936 2009-12-28] ()
HKLM-x32\...\Run: [Turbo Key] "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe" [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Floyd\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKU\UpdatusUser\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3111744 2012-04-26] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation)
HKU\UpdatusUser\...\Run: [Pinnacle Game Profiler] "C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe" -atboottime [x]
Startup: C:\Users\Floyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Floyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk
ShortcutTarget: RivaTuner.lnk -> C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {585CF756-62D0-474A-B6ED-1B04E7A7A1D9} URL = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
SearchScopes: HKCU - {6FD9D30A-8042-4d3d-89FB-278768F510BE} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\TmBpIe64.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\TmBpIe32.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\TmBpIe64.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\TmBpIe32.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Unity Player) - C:\Users\Floyd\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Floyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Floyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Floyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Floyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Floyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Norton Identity Protection) - C:\Users\Floyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0
CHR Extension: (Gmail) - C:\Users\Floyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2012-04-20] (ASUSTeK Computer Inc.)
R2 DeviceMonitor_MF91; C:\Program Files\Pre-Paid Telstra WIFI 4G\DeviceMonitor_x64.exe [234008 2012-03-29] (ZTE Corporation)
R2 JSWHwBtn; C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe [16384 2008-02-29] ()
S3 jswpsapi; C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 mi-raysat_3dsmax2011_32; C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [86016 2010-03-10] ()
R2 mi-raysat_3dsmax2011_64; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [86016 2010-03-10] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [143928 2012-10-11] (Symantec Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-03-05] (Overwolf Ltd)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-10] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad [x]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-04-20] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-04-20] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2012-04-20] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2012-04-20] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [168096 2012-10-04] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-29] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-10-17] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130607.001\IDSvia64.sys [513184 2013-06-07] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130607.001\IDSvia64.sys [513184 2013-06-07] (Symantec Corporation)
S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2012-03-12] (HandSet Incorporated)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2012-04-20] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130607.018\ENG64.SYS [126040 2013-06-08] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130607.018\ENG64.SYS [126040 2013-06-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130607.018\EX64.SYS [2098776 2013-06-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130607.018\EX64.SYS [2098776 2013-06-08] (Symantec Corporation)
R3 SaiK0CFA; C:\Windows\System32\DRIVERS\SaiK0CFA.sys [183104 2011-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24640 2012-01-24] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52160 2012-01-24] (Saitek)
R3 SaiU0CFA; C:\Windows\System32\DRIVERS\SaiU0CFA.sys [47168 2011-09-20] (Saitek)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1402000.013\SRTSP64.SYS [776864 2012-10-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS [37496 2012-09-07] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1402000.013\SYMDS64.SYS [493216 2012-10-04] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1402000.013\SYMEFA64.SYS [1133216 2012-10-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS [224416 2012-09-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1402000.013\SYMNETS.SYS [432800 2012-09-07] (Symantec Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [106000 2012-07-12] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-07-12] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-06-19] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [76672 2012-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-03] (Trend Micro Inc.)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 zgdcat; C:\Windows\System32\DRIVERS\zgdcat.sys [130200 2012-03-12] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\System32\DRIVERS\zgdcdiag.sys [130200 2012-03-12] (ZTE Incorporated)
S3 zgdcnet; C:\Windows\System32\DRIVERS\zgdcnet.sys [169496 2012-03-12] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 EIO64; system32\DRIVERS\EIO64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-10 19:23 - 2013-06-10 19:23 - 00000000 ____D C:\FRST
2013-06-10 18:35 - 2013-06-10 18:35 - 00031053 ____A C:\ComboFix.txt
2013-06-10 17:54 - 2013-06-10 17:54 - 00000000 ____D C:\Windows\ERUNT
2013-06-10 17:53 - 2013-06-10 17:53 - 00000000 ____D C:\JRT
2013-06-10 17:46 - 2013-06-10 17:46 - 00006929 ____A C:\AdwCleaner[S1].txt
2013-06-10 17:46 - 2013-06-10 17:46 - 00000172 ____A C:\Windows\DeleteOnReboot.bat
2013-06-10 17:45 - 2013-06-10 17:45 - 00006992 ____A C:\AdwCleaner[R1].txt
2013-06-10 17:03 - 2013-06-10 17:03 - 00688992 ____R (Swearware) C:\Users\Floyd\Desktop\dds.scr
2013-06-10 17:01 - 2013-06-10 17:19 - 56610558 ____A C:\Users\Floyd\Desktop\[rickyl][utw-vivid]_suisei_no_gargantia_-_10.mkv
2013-06-08 13:11 - 2013-06-10 18:36 - 00000000 ____D C:\Qoobox
2013-06-08 13:11 - 2011-06-26 16:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-08 13:11 - 2010-11-08 03:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-08 13:11 - 2009-04-20 14:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-08 13:11 - 2000-08-31 10:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-08 13:11 - 2000-08-31 10:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-08 13:11 - 2000-08-31 10:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-08 13:11 - 2000-08-31 10:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-08 13:11 - 2000-08-31 10:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-08 13:10 - 2013-06-10 18:31 - 00000000 ____D C:\Windows\erdnt
2013-06-08 11:57 - 2013-06-08 11:57 - 00019667 ____A C:\Users\Floyd\Desktop\[kat.ph]mark.of.the.ninja.v1.0.multi6.cracked.theta.torrent
2013-06-08 11:23 - 2013-06-10 19:15 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 11:23 - 2013-06-10 18:28 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 11:23 - 2013-06-08 11:27 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-08 11:10 - 2013-06-10 10:18 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-06-08 10:57 - 2013-06-08 10:57 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-08 10:57 - 2013-06-08 10:57 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-08 10:57 - 2013-06-08 10:57 - 00000000 ____D C:\Program Files\Symantec
2013-06-08 10:57 - 2013-06-08 10:57 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-08 10:56 - 2013-06-08 10:56 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-08 10:56 - 2013-06-08 10:56 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-06-07 23:46 - 2013-06-07 23:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-07 21:56 - 2013-06-07 21:56 - 00000000 ____D C:\Users\Floyd\AppData\Local\Allegorithmic
2013-06-07 21:56 - 2013-06-07 21:56 - 00000000 ____D C:\ProgramData\Allegorithmic
2013-06-07 21:55 - 2013-06-07 21:55 - 00000000 ____D C:\Program Files (x86)\Allegorithmic
2013-06-07 21:13 - 2013-06-07 21:16 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\qBittorrent
2013-06-07 21:13 - 2013-06-07 21:13 - 00000000 ____D C:\Users\Floyd\AppData\Local\qBittorrent
2013-06-03 21:07 - 2013-06-03 21:07 - 00000000 ____D C:\Users\Floyd\Documents\4A Games
2013-06-03 20:55 - 2013-06-03 20:55 - 00000000 ____D C:\Users\Floyd\AppData\Local\CrashDumps
2013-06-03 20:54 - 2013-06-03 20:54 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-06-03 20:48 - 2013-06-03 20:57 - 00000000 ____D C:\Users\Floyd\AppData\Local\Overwolf
2013-06-02 23:59 - 2013-06-02 23:59 - 00000000 ____D C:\Users\Floyd\AppData\Local\4A Games
2013-06-02 23:57 - 2013-06-02 23:57 - 00000000 ____D C:\ProgramData\RELOADED
2013-06-02 23:31 - 2013-06-02 23:56 - 00000000 ____D C:\Program Files (x86)\Metro Last Light
2013-06-02 23:25 - 2013-06-02 23:31 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\MediaInfo
2013-06-02 23:25 - 2013-06-02 23:25 - 00000000 ____D C:\Users\Floyd\AppData\Local\MediaInfo
2013-05-30 14:40 - 2013-05-30 14:40 - 00000000 ____D C:\Users\Floyd\Documents\Inventor Server x64 Direct Connect
2013-05-30 14:16 - 2013-05-30 14:16 - 02745256 ____A (Microsoft Corporation) C:\Users\Floyd\Documents\vcredist_x86.exe
2013-05-30 14:10 - 2013-05-30 14:11 - 04286744 ____A (Microsoft Corporation) C:\Users\Floyd\Documents\vcredist_x64.exe
2013-05-30 14:07 - 2013-05-30 14:07 - 06656424 ____A (Microsoft Corporation) C:\Users\Floyd\Documents\vcredist_IA64.exe
2013-05-30 13:52 - 2013-05-30 14:26 - 00035026 ____A C:\Windows\DirectX.log
2013-05-30 13:10 - 2013-06-10 19:15 - 00003382 ____A C:\Windows\setupact.log
2013-05-30 13:10 - 2013-06-10 18:29 - 00643130 ____A C:\Windows\PFRO.log
2013-05-30 13:10 - 2013-06-03 23:18 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2013-05-30 13:10 - 2013-05-30 13:10 - 00000000 ____A C:\Windows\setuperr.log
2013-05-30 12:38 - 2013-05-30 12:39 - 00000000 ____D C:\Program Files\CCleaner
2013-05-27 23:26 - 2013-06-03 23:18 - 00004140 ____A C:\Windows\DCEBOOT.RST
2013-05-27 00:31 - 2013-04-05 16:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-27 00:31 - 2013-04-05 16:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-27 00:31 - 2013-04-05 16:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-27 00:31 - 2013-04-05 16:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-27 00:31 - 2013-04-05 16:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-27 00:31 - 2013-04-05 16:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-27 00:31 - 2013-04-05 16:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-27 00:31 - 2013-04-05 16:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-27 00:31 - 2013-04-05 16:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-27 00:31 - 2013-04-05 16:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-27 00:31 - 2013-04-05 15:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-27 00:31 - 2013-04-05 15:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-27 00:31 - 2013-04-05 15:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-27 00:31 - 2013-04-05 15:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-27 00:31 - 2013-04-05 15:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-27 00:31 - 2013-04-05 15:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-27 00:31 - 2013-04-05 15:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-27 00:31 - 2013-04-05 15:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-27 00:31 - 2013-04-05 14:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-27 00:31 - 2013-04-05 14:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-27 00:31 - 2013-04-05 13:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-27 00:31 - 2013-04-05 13:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-27 00:30 - 2013-04-05 16:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-27 00:30 - 2013-04-05 16:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-27 00:30 - 2013-04-05 16:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-27 00:30 - 2013-04-05 16:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-27 00:30 - 2013-04-05 15:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-27 00:30 - 2013-04-05 15:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-27 00:30 - 2013-04-05 15:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-27 00:30 - 2013-04-05 15:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-27 00:30 - 2013-04-05 15:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-26 16:24 - 2013-05-26 16:24 - 00000000 ____D C:\Users\Floyd\Desktop\privoxy-3.0.21
2013-05-26 16:18 - 2013-05-26 16:18 - 00000000 ____D C:\Users\Floyd\AppData\Local\Mozilla
2013-05-26 16:17 - 2013-05-26 22:44 - 00000000 ____D C:\Users\Floyd\Desktop\Tor Browser
2013-05-25 12:21 - 2013-05-25 12:21 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-25 12:21 - 2013-05-25 12:21 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-25 12:21 - 2013-05-25 12:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-25 12:21 - 2013-05-25 12:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-25 12:21 - 2013-05-25 12:21 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-25 12:21 - 2013-05-25 12:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-25 12:21 - 2013-05-25 12:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-25 12:21 - 2013-05-25 12:21 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-25 12:21 - 2013-05-25 12:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-25 11:59 - 2013-05-25 11:59 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-24 22:40 - 2013-05-29 23:19 - 00000000 ____D C:\Users\Floyd\Documents\New Unity Project 1
2013-05-24 20:11 - 2013-06-05 23:10 - 00234544 ____A C:\Windows\RegBootClean64.exe
2013-05-22 22:30 - 2013-05-22 22:30 - 00000000 ____D C:\TMRescueDisk
2013-05-19 16:01 - 2012-05-03 05:27 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2013-05-19 16:00 - 2012-07-12 20:29 - 00173504 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-05-19 16:00 - 2012-07-12 20:29 - 00106000 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2013-05-19 16:00 - 2012-07-12 20:29 - 00076672 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2013-05-19 16:00 - 2012-06-19 14:44 - 00046392 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\TMEBC64.sys
2013-05-19 15:58 - 2013-05-19 15:58 - 00000059 ____A C:\Windows\System32\SupportTool.exe.bat
2013-05-19 15:55 - 2013-05-19 15:55 - 00000584 ____A C:\Windows\System32\TmInstall.log
2013-05-19 15:49 - 2012-05-03 05:25 - 00232464 ____A (Trend Micro Inc.) C:\Windows\TmNSCIns.dll
2013-05-19 15:49 - 2012-05-03 05:24 - 00525792 ____A (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2013-05-19 15:27 - 2013-05-19 15:27 - 00000036 ____A C:\Users\Floyd\AppData\Local\housecall.guid.cache
2013-05-19 13:45 - 2013-05-22 22:20 - 00000000 ____D C:\Users\Floyd\Documents\New Unity Project
2013-05-19 12:19 - 2013-05-19 12:19 - 00000000 ____D C:\Users\Floyd\Documents\Over the Top Games
2013-05-19 01:10 - 2013-06-03 21:01 - 00000000 ____D C:\Users\Floyd\Documents\Proteus
2013-05-15 16:55 - 2013-04-10 16:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 16:55 - 2013-04-10 16:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 16:55 - 2013-02-27 16:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 16:55 - 2013-02-27 15:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 16:55 - 2013-02-27 15:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 16:55 - 2013-02-27 15:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 16:55 - 2013-02-27 15:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 16:55 - 2013-02-27 14:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 16:55 - 2013-02-27 14:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 16:55 - 2013-02-27 14:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 16:55 - 2011-02-03 21:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 16:54 - 2013-04-10 13:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 16:54 - 2013-03-19 15:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 16:54 - 2013-03-19 15:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-12 11:38 - 2013-05-12 11:38 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-12 11:38 - 2013-05-12 11:38 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-12 11:38 - 2013-05-12 11:38 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-12 11:38 - 2013-05-12 11:38 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-12 11:38 - 2013-05-12 11:38 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-12 11:38 - 2013-05-12 11:38 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-12 11:38 - 2013-05-12 11:38 - 00000000 ____D C:\Program Files\Java
2013-05-11 10:48 - 2013-05-11 10:48 - 00000000 ____D C:\Program Files\Nexus Mod Manager

==================== One Month Modified Files and Folders =======

2013-06-10 19:23 - 2013-06-10 19:23 - 00000000 ____D C:\FRST
2013-06-10 19:22 - 2009-07-14 14:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-10 19:22 - 2009-07-14 14:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-10 19:18 - 2012-11-18 17:50 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\Skype
2013-06-10 19:16 - 2012-11-15 18:48 - 00000000 ___RD C:\Users\Floyd\Dropbox
2013-06-10 19:16 - 2012-11-15 18:43 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\Dropbox
2013-06-10 19:15 - 2013-06-08 11:23 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-10 19:15 - 2013-05-30 13:10 - 00003382 ____A C:\Windows\setupact.log
2013-06-10 19:15 - 2013-03-29 13:11 - 00000105 ____A C:\Windows\DeviceMonitor_x64.exe.log
2013-06-10 19:15 - 2012-05-06 13:25 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-10 19:15 - 2012-04-20 18:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-10 19:15 - 2009-07-14 15:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-10 19:13 - 2012-04-21 10:31 - 01998487 ____A C:\Windows\WindowsUpdate.log
2013-06-10 19:01 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2013-06-10 18:38 - 2012-04-23 20:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-10 18:36 - 2013-06-08 13:11 - 00000000 ____D C:\Qoobox
2013-06-10 18:35 - 2013-06-10 18:35 - 00031053 ____A C:\ComboFix.txt
2013-06-10 18:31 - 2013-06-08 13:10 - 00000000 ____D C:\Windows\erdnt
2013-06-10 18:31 - 2009-07-14 12:34 - 00000215 ____A C:\Windows\system.ini
2013-06-10 18:30 - 2012-04-20 19:39 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-06-10 18:29 - 2013-05-30 13:10 - 00643130 ____A C:\Windows\PFRO.log
2013-06-10 18:28 - 2013-06-08 11:23 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-10 18:08 - 2009-07-14 15:08 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-10 17:54 - 2013-06-10 17:54 - 00000000 ____D C:\Windows\ERUNT
2013-06-10 17:53 - 2013-06-10 17:53 - 00000000 ____D C:\JRT
2013-06-10 17:46 - 2013-06-10 17:46 - 00006929 ____A C:\AdwCleaner[S1].txt
2013-06-10 17:46 - 2013-06-10 17:46 - 00000172 ____A C:\Windows\DeleteOnReboot.bat
2013-06-10 17:45 - 2013-06-10 17:45 - 00006992 ____A C:\AdwCleaner[R1].txt
2013-06-10 17:21 - 2012-12-23 22:54 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\uTorrent
2013-06-10 17:19 - 2013-06-10 17:01 - 56610558 ____A C:\Users\Floyd\Desktop\[rickyl][utw-vivid]_suisei_no_gargantia_-_10.mkv
2013-06-10 17:03 - 2013-06-10 17:03 - 00688992 ____R (Swearware) C:\Users\Floyd\Desktop\dds.scr
2013-06-10 16:09 - 2012-04-22 17:34 - 00000177 ____H C:\dvmexp.idx
2013-06-10 10:18 - 2013-06-08 11:10 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-06-08 14:36 - 2009-07-14 15:13 - 00887612 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-08 13:31 - 2009-07-14 13:20 - 00000000 __RHD C:\users\Default
2013-06-08 13:06 - 2013-05-06 23:04 - 00000000 ____D C:\Users\Floyd\Documents\major
2013-06-08 11:57 - 2013-06-08 11:57 - 00019667 ____A C:\Users\Floyd\Desktop\[kat.ph]mark.of.the.ninja.v1.0.multi6.cracked.theta.torrent
2013-06-08 11:27 - 2013-06-08 11:23 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-08 11:27 - 2012-04-20 19:22 - 00000000 ____D C:\Users\Floyd\AppData\Local\Google
2013-06-08 10:57 - 2013-06-08 10:57 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-06-08 10:57 - 2013-06-08 10:57 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-06-08 10:57 - 2013-06-08 10:57 - 00000000 ____D C:\Program Files\Symantec
2013-06-08 10:57 - 2013-06-08 10:57 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-06-08 10:56 - 2013-06-08 10:56 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-08 10:56 - 2013-06-08 10:56 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-06-08 10:56 - 2012-04-20 21:12 - 00000000 ____D C:\ProgramData\Norton
2013-06-07 23:46 - 2013-06-07 23:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-07 23:46 - 2012-04-20 19:40 - 00000000 ____D C:\ProgramData\Trend Micro
2013-06-07 21:56 - 2013-06-07 21:56 - 00000000 ____D C:\Users\Floyd\AppData\Local\Allegorithmic
2013-06-07 21:56 - 2013-06-07 21:56 - 00000000 ____D C:\ProgramData\Allegorithmic
2013-06-07 21:55 - 2013-06-07 21:55 - 00000000 ____D C:\Program Files (x86)\Allegorithmic
2013-06-07 21:16 - 2013-06-07 21:13 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\qBittorrent
2013-06-07 21:14 - 2012-04-22 19:13 - 00000000 ____D C:\Users\Floyd\Desktop\Stuff
2013-06-07 21:13 - 2013-06-07 21:13 - 00000000 ____D C:\Users\Floyd\AppData\Local\qBittorrent
2013-06-05 23:10 - 2013-05-24 20:11 - 00234544 ____A C:\Windows\RegBootClean64.exe
2013-06-03 23:18 - 2013-05-30 13:10 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2013-06-03 23:18 - 2013-05-27 23:26 - 00004140 ____A C:\Windows\DCEBOOT.RST
2013-06-03 21:07 - 2013-06-03 21:07 - 00000000 ____D C:\Users\Floyd\Documents\4A Games
2013-06-03 21:01 - 2013-05-19 01:10 - 00000000 ____D C:\Users\Floyd\Documents\Proteus
2013-06-03 20:57 - 2013-06-03 20:48 - 00000000 ____D C:\Users\Floyd\AppData\Local\Overwolf
2013-06-03 20:55 - 2013-06-03 20:55 - 00000000 ____D C:\Users\Floyd\AppData\Local\CrashDumps
2013-06-03 20:54 - 2013-06-03 20:54 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-06-03 15:36 - 2012-05-22 17:47 - 00022064 ____A C:\Windows\DCEBoot64.exe
2013-06-02 23:59 - 2013-06-02 23:59 - 00000000 ____D C:\Users\Floyd\AppData\Local\4A Games
2013-06-02 23:57 - 2013-06-02 23:57 - 00000000 ____D C:\ProgramData\RELOADED
2013-06-02 23:56 - 2013-06-02 23:31 - 00000000 ____D C:\Program Files (x86)\Metro Last Light
2013-06-02 23:31 - 2013-06-02 23:25 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\MediaInfo
2013-06-02 23:25 - 2013-06-02 23:25 - 00000000 ____D C:\Users\Floyd\AppData\Local\MediaInfo
2013-06-02 23:23 - 2012-04-29 13:52 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\DAEMON Tools Pro
2013-06-02 22:58 - 2012-04-22 19:25 - 00000000 ____D C:\Users\Floyd\Desktop\Games
2013-05-30 16:00 - 2012-04-29 17:04 - 00000000 ____D C:\Users\Floyd\AppData\Local\Autodesk
2013-05-30 16:00 - 2012-04-24 21:39 - 00000000 ____D C:\Users\Floyd\Documents\maya
2013-05-30 16:00 - 2012-04-24 21:22 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\Autodesk
2013-05-30 16:00 - 2012-04-24 21:22 - 00000000 ____D C:\ProgramData\Autodesk
2013-05-30 15:54 - 2012-11-18 17:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-30 15:54 - 2012-11-18 17:49 - 00000000 ____D C:\ProgramData\Skype
2013-05-30 14:40 - 2013-05-30 14:40 - 00000000 ____D C:\Users\Floyd\Documents\Inventor Server x64 Direct Connect
2013-05-30 14:39 - 2012-04-29 16:36 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-05-30 14:39 - 2012-04-24 21:30 - 00000000 ____D C:\Program Files (x86)\Autodesk
2013-05-30 14:37 - 2012-04-29 16:36 - 00000000 ____D C:\Program Files\Autodesk
2013-05-30 14:26 - 2013-05-30 13:52 - 00035026 ____A C:\Windows\DirectX.log
2013-05-30 14:16 - 2013-05-30 14:16 - 02745256 ____A (Microsoft Corporation) C:\Users\Floyd\Documents\vcredist_x86.exe
2013-05-30 14:11 - 2013-05-30 14:10 - 04286744 ____A (Microsoft Corporation) C:\Users\Floyd\Documents\vcredist_x64.exe
2013-05-30 14:07 - 2013-05-30 14:07 - 06656424 ____A (Microsoft Corporation) C:\Users\Floyd\Documents\vcredist_IA64.exe
2013-05-30 13:10 - 2013-05-30 13:10 - 00000000 ____A C:\Windows\setuperr.log
2013-05-30 13:08 - 2012-11-29 02:25 - 00000000 ____D C:\Users\Floyd\Documents\doc stuff
2013-05-30 12:55 - 2012-11-18 21:25 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\Media Player Classic
2013-05-30 12:55 - 2012-05-23 09:07 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\BitTorrent
2013-05-30 12:43 - 2012-04-21 11:27 - 00000000 ____D C:\Windows\Panther
2013-05-30 12:43 - 2012-04-21 10:34 - 00000000 ____D C:\Windows\Minidump
2013-05-30 12:39 - 2013-05-30 12:38 - 00000000 ____D C:\Program Files\CCleaner
2013-05-29 23:19 - 2013-05-24 22:40 - 00000000 ____D C:\Users\Floyd\Documents\New Unity Project 1
2013-05-26 22:44 - 2013-05-26 16:17 - 00000000 ____D C:\Users\Floyd\Desktop\Tor Browser
2013-05-26 16:24 - 2013-05-26 16:24 - 00000000 ____D C:\Users\Floyd\Desktop\privoxy-3.0.21
2013-05-26 16:18 - 2013-05-26 16:18 - 00000000 ____D C:\Users\Floyd\AppData\Local\Mozilla
2013-05-26 15:12 - 2013-05-05 20:09 - 00000000 ____D C:\Users\Floyd\AppData\Local\Skyrim
2013-05-26 11:59 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-26 11:59 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-26 11:59 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-26 11:59 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-26 11:59 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-25 12:21 - 2013-05-25 12:21 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-25 12:21 - 2013-05-25 12:21 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-25 12:21 - 2013-05-25 12:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-25 12:21 - 2013-05-25 12:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-25 12:21 - 2013-05-25 12:21 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-25 12:21 - 2013-05-25 12:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-25 12:21 - 2013-05-25 12:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-25 12:21 - 2013-05-25 12:21 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-25 12:21 - 2013-05-25 12:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-25 12:21 - 2013-05-25 12:21 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-25 12:21 - 2013-05-25 12:21 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-25 11:59 - 2013-05-25 11:59 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 11:59 - 2013-05-25 11:59 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-24 22:43 - 2012-04-23 22:01 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\Unity
2013-05-24 22:32 - 2012-04-23 21:58 - 00000000 ____D C:\Users\Floyd\AppData\Local\Unity
2013-05-24 22:32 - 2012-04-23 21:55 - 00000000 ____D C:\Program Files (x86)\Unity
2013-05-24 22:31 - 2012-04-23 21:57 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-05-24 20:06 - 2012-04-20 19:40 - 00000000 ____D C:\Users\Floyd\AppData\Local\Trend Micro
2013-05-22 22:30 - 2013-05-22 22:30 - 00000000 ____D C:\TMRescueDisk
2013-05-22 22:22 - 2012-04-20 17:41 - 00000000 ____D C:\users\Floyd
2013-05-22 22:21 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-05-22 22:20 - 2013-05-19 13:45 - 00000000 ____D C:\Users\Floyd\Documents\New Unity Project
2013-05-22 22:20 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2013-05-22 22:18 - 2012-04-20 20:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-22 18:38 - 2013-05-07 17:13 - 00000000 ____D C:\Users\Floyd\Documents\Nexus Mod Manager
2013-05-22 10:36 - 2011-07-20 04:21 - 00000000 __AHD C:\Users\Floyd\AppData\Local\S62L7Q2MWSXTmK
2013-05-22 10:36 - 2011-02-22 16:19 - 00000000 __AHD C:\Users\Floyd\AppData\Local\twcDqoFIoz4
2013-05-19 15:58 - 2013-05-19 15:58 - 00000059 ____A C:\Windows\System32\SupportTool.exe.bat
2013-05-19 15:55 - 2013-05-19 15:55 - 00000584 ____A C:\Windows\System32\TmInstall.log
2013-05-19 15:27 - 2013-05-19 15:27 - 00000036 ____A C:\Users\Floyd\AppData\Local\housecall.guid.cache
2013-05-19 12:19 - 2013-05-19 12:19 - 00000000 ____D C:\Users\Floyd\Documents\Over the Top Games
2013-05-18 14:06 - 2012-11-15 12:43 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-17 23:24 - 2012-04-29 20:09 - 00000000 ____D C:\Users\Floyd\AppData\Local\Microsoft Help
2013-05-16 23:00 - 2012-12-25 17:39 - 00000000 ____D C:\Users\Floyd\AppData\Roaming\Apple Computer
2013-05-16 23:00 - 2012-12-25 17:39 - 00000000 ____D C:\Users\Floyd\AppData\Local\Apple Computer
2013-05-16 22:39 - 2012-04-23 20:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-16 22:39 - 2012-04-23 20:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-16 22:18 - 2009-07-14 14:45 - 04972320 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 01:24 - 2012-04-29 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 01:22 - 2013-01-04 13:25 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-12 11:38 - 2013-05-12 11:38 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-12 11:38 - 2013-05-12 11:38 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-12 11:38 - 2013-05-12 11:38 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-12 11:38 - 2013-05-12 11:38 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-12 11:38 - 2013-05-12 11:38 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-12 11:38 - 2013-05-12 11:38 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-12 11:38 - 2013-05-12 11:38 - 00000000 ____D C:\Program Files\Java
2013-05-11 10:49 - 2013-05-07 17:13 - 00000000 ____D C:\Users\Floyd\AppData\Local\Black_Tree_Gaming
2013-05-11 10:48 - 2013-05-11 10:48 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-05-11 10:41 - 2012-04-22 19:31 - 00000000 ____D C:\Users\Floyd\Documents\My Games

ZeroAccess:
C:\Windows\Installer\{3c916ff6-81f6-61f4-f39d-4a626e0430a7}
C:\Windows\Installer\{3c916ff6-81f6-61f4-f39d-4a626e0430a7}\L
C:\Windows\Installer\{3c916ff6-81f6-61f4-f39d-4a626e0430a7}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-05 16:41

==================== End Of Log ============================

 

and the addition

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2013
Ran by Floyd at 2013-06-10 19:24:05 Run:
Running from C:\Users\Floyd\AppData\Local\Opera\Opera\temporary_downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

????? (Version: 1.00.0000)
«The Witcher 2» 3.0 (Version: 3.0)
µTorrent (Version: 3.2.3.28705)
¹–ë‚̉S
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Media Player (Version: 1.8)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Aegisub 3.0.2 (Version: 3.0.2)
AI Suite (Version: 1.06.16)
Allegorithmic Substance Designer 3.x (Version: 3.5.1 build 12119 (2013-04-17))
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Archeblade
ASUS Ai Charger (Version: 1.00.06)
ASUSUpdate (Version: 7.18.03)
Audiosurf
Autodesk 3ds Max 2011 32-bit (Version: 13.0)
Autodesk 3ds Max 2011 32-bit Components (Version: 13.0)
Autodesk 3ds Max 2011 64-bit (Version: 13.0)
Autodesk 3ds Max 2011 64-bit Components (Version: 13.0)
Autodesk Backburner 2013.0.0 (Version: 2013.0.0)
Autodesk DirectConnect 2010 R1 (Version: 4.0.418.0)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0)
Autodesk FBX 2013.3 Plug-in for Maya 2011
Autodesk FBX Converter x64 2013.3
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
Autodesk MatchMover 2011 32-bit (Version: 13.00.0000)
Autodesk MatchMover 2013 64-bit (Version: 14.00.0000)
Autodesk Material Library 2011 (Version: 2.0.0.100)
Autodesk Material Library 2011 Base Image library (Version: 2.0.0.49)
Autodesk Material Library 2011 Medium Image library (Version: 2.0.0.49)
Autodesk Maya 2011 English Documentation 32-bit (Version: 13.0)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0)
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 2.1.3)
Binary Domain
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.02)
Combined Community Codec Pack 2012-12-30 (Version: 2012.12.30.0)
Composite 2011 (64-bit) (Version: 6.0.0)
Composite 2011 (Version: 6.0.0)
Composite 2013 64-bit (Version: 8.0.0)
Cry of Fear
Crystal Reports for Visual Studio (Version: 12.51.0.240)
DAEMON Tools Pro (Version: 5.1.0.0333)
Daum PotPlayer 1.5.32007 x64 Edition
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dotfuscator Software Services - Community Edition (Version: 5.0.2300.0)
Dropbox (Version: 2.0.22)
Dyad
Episode1Beta
EPU-6 Engine (Version: 1.03.02)
ESN Sonar (Version: 0.70.4)
Forge
FormatFactory 2.70 (Version: 2.70)
Fraps (remove only)
Ghost. Elisa Cameron 1.0 (Version: 1.0)
Google Chrome (Version: 27.0.1453.110)
Google Update Helper (Version: 1.3.21.145)
Hawken
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (Version: 6.0.310)
Lone Survivor
Mars: War Logs
MechWarrior Online (Version: 1.2.0.0)
MediaInfo
Metro: Last Light © Deep Silver version 1 (Version: 1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.30730.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.30319)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mirror's Edge
MPC-HC 1.6.4.6052 (64-bit) (Version: 1.6.4.6052)
MSVCRT Redists (Version: 1.0)
NewBlue 3D Explosions for Windows (Version: 3.0)
NewBlue 3D Transformations for Windows (Version: 3.0)
NewBlue Art Effects
NewBlue Light Blends for Windows (Version: 3.0)
NewBlue Light Effects for Windows (Version: 3.0)
NewBlue Motion Blends for Windows (Version: 2.4)
NewBlue Paint Blends for Windows
NewBlue Video Essentials for Windows (Version: 3.0)
Nexus Mod Manager (Version: 0.44.11)
Norton Internet Security (Version: 20.2.0.19)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 310.70 (Version: 310.70)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
NyxQuest Demo
OpenAL
Opera 12.15 (Version: 12.15.1748)
Origin (Version: 8.5.2.23)
Overwolf (Version: 0.41.236)
Pandora Service
PC Probe II (Version: 1.04.86)
PDF Settings CS5 (Version: 10.0)
Penumbra Black Plague (Version: 1.0)
Platform (Version: 1.34)
Poker Night 2
Portal
Pre-Paid Telstra WIFI 4G (Version: 8.2088.0.1B09)
Proteus
PunkBuster Services (Version: 0.991)
PxMergeModule (Version: 1.00.0000)
QSS Installation Program (Version: 5.0)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Reason 4.0 (Version: 4.0)
resident evil 4 (Version: 1.00.0000)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (Version: 1.6.02)
Sanctum
Scribblenauts Unlimited
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0)
Silent Hill
SILENT HILL 4 (Version: 1.00.000)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.107)
Smart Technology Programming Software 7.0.13.22 (Version: 7.0.13.22)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Steam (Version: 1.0.0.0)
Strike Suit Infinity
Syndicate (Version: 1.0)
System Requirements Lab CYRI (Version: 5.0.6.0)
The Elder Scrolls V: Skyrim
The KMPlayer (remove only) (Version: 3.6.0.87)
The War Z
Thunder Master v1.7 (Version: 1.7.0.1)
Torchlight II
Total War: SHOGUN 2
TP-LINK Wireless Client Utility (Version: 7.0)
Trend Micro Titanium (Version: 6.00)
Trine 2
Turbo Key (Version: 1.01.03)
Unity (Version: )
Unity Web Player (Version: )
Unreal Development Kit: 2011-08
Unreal Development Kit: 2011-09
Unreal Development Kit: 2012-05
Unreal Tournament 3 (Version: 1.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Vegas Pro 12.0 (64-bit) (Version: 12.0.367)
VIA Platform Device Manager (Version: 1.34)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Warframe
Web Deployment Tool (Version: 1.1.0618)
WinRAR 4.11 (64-bit) (Version: 4.11.0)
ZTE LTE Device USB Driver

==================== Restore Points =========================

02-06-2013 14:48:23 Windows Update
08-06-2013 03:11:56 ComboFix created restore point
08-06-2013 03:33:05 Windows Update
10-06-2013 08:15:59 ComboFix created restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2013 07:16:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 07:01:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/10/2013 06:58:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2013 06:57:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2013 06:57:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2013 06:31:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 06:13:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/10/2013 07:17:32 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/10/2013 07:17:32 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/10/2013 07:15:19 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service failed to start due to the following error:
%%2

Error: (06/10/2013 06:32:34 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/10/2013 06:32:34 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/10/2013 06:30:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%5

Error: (06/10/2013 06:30:02 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service failed to start due to the following error:
%%2

Error: (06/10/2013 06:27:57 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/10/2013 06:27:26 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/10/2013 06:27:26 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (06/10/2013 07:16:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 07:01:16 PM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\allegorithmic\substance\Designer\3.x\Allegorithmic Substance Designer 3.5.1 Build 12119.exec:\program files (x86)\allegorithmic\substance\Designer\3.x\Allegorithmic Substance Designer 3.5.1 Build 12119.exe0

Error: (06/10/2013 06:58:34 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe

Error: (06/10/2013 06:57:21 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2013\python\lib\distutils\command\wininst-8_d.exe

Error: (06/10/2013 06:57:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe

Error: (06/10/2013 06:31:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 06:13:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-06-10 18:27:26.631
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-10 18:27:26.592
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-10 18:27:26.551
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-10 18:27:26.513
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-08 13:22:07.447
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-08 13:22:07.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-21 16:02:43.574
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-21 16:02:43.562
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-21 16:02:42.315
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-21 16:02:42.303
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8190.05 MB
Available physical RAM: 5760.23 MB
Total Pagefile: 16378.29 MB
Available Pagefile: 13760.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:302.77 GB) NTFS (Disk=0 Partition=2)
Drive e: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive f: (WD SmartWare) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF
Drive g: (Big Red) (Fixed) (Total:465.11 GB) (Free:176.15 GB) NTFS (Disk=1 Partition=1)
Drive j: (Stapler-san) (Fixed) (Total:930.86 GB) (Free:747.33 GB) NTFS (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BF554FA9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465 GB) (Disk ID: 00021968)
Partition 1: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



the Gmer

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-10 19:39:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST31000524AS rev.JC4B 931.51GB
Running: gmer.exe; Driver: C:\Users\Floyd\AppData\Local\Temp\pgloypob.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010023091c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100230048
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002302ee
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002304b2
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002309fe
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100230ae0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010023012a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100230758
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100230676
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002303d0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100230594
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010023083a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010023020c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100230f52
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100240210
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100240048
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8988a9d1}
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100230ca6
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002403d8
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010024012c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002402f4
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100230e6e
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[900] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001002404bc
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 00000001000a091c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 00000001000a0048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001000a02ee
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001000a04b2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001000a09fe
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 00000001000a0ae0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 00000001000a012a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 00000001000a0758
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 00000001000a0676
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001000a03d0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 00000001000a0594
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 00000001000a083a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 00000001000a020c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001000b059e
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 00000001000a0f52
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 00000001000b0210
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 00000001000b0048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff896fa9d1}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 00000001000a0ca6
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001000b03d8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 00000001000b012c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001000b02f4
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 00000001000a0e6e
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8975a9d1}
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[504] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001001104bc
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010029091c
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100290048
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002902ee
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002904b2
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002909fe
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100290ae0
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010003004c
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010029012a
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100290758
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100290676
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002903d0
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100290594
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010029083a
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010029020c
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001002a059e
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100290f52
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 00000001002a0210
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 00000001002a0048
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff898ea9d1}
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100290ca6
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002a03d8
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 00000001002a012c
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002a02f4
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[2140] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100290e6e
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 00000001001e091c
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 00000001001e0048
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001001e02ee
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001001e04b2
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001001e09fe
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 00000001001e0ae0
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010003004c
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 00000001001e012a
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 00000001001e0758
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 00000001001e0676
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001001e03d0
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 00000001001e0594
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 00000001001e083a
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 00000001001e020c
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 00000001001e0f52
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 00000001001f0210
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 00000001001f0048
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8983a9d1}
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 00000001001e0ca6
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001001f03d8
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 00000001001f012c
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001001f02f4
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 00000001001e0e6e
.text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe[2200] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001001f04bc
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010027020c
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100270f52
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100280210
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100280048
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff898ca9d1}
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100270ca6
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002803d8
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010028012c
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002802f4
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100270e6e
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe[2336] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001002804bc
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010036091c
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100360048
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001003602ee
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001003604b2
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001003609fe
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100360ae0
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010036012a
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100360758
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100360676
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001003603d0
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100360594
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010036083a
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010036020c
.text C:\Program Files (x86)\Steam\Steam.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007540549c 5 bytes JMP 00000001004a0800
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010027020c
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100270f52
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100280210
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100280048
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff898ca9d1}
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100270ca6
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002803d8
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010028012c
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002802f4
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100270e6e
.text C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe[2432] C:\Windows\syswow64\user32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001002804bc
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010027020c
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010028059e
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100270f52
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100280210
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100280048
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff898ca9d1}
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100270ca6
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002803d8
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010028012c
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002802f4
.text C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe[2444] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100270e6e
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 0000000100100bc2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100110048
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100100d88
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001001104bc
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100100f50
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ed1465 2 bytes [ED, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ed14bb 2 bytes [ED, 76]
.text ... * 2
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 00000001003f091c
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 00000001003f0048
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001003f02ee
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001003f04b2
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001003f09fe
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 00000001003f0ae0
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 00000001003f012a
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 00000001003f0758
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 00000001003f0676
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001003f03d0
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 00000001003f0594
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 00000001003f083a
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 00000001003f020c
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 00000001003f0f52
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100430210
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100430048
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff89a7a9d1}
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 00000001003f0ca6
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001004303d8
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010043012c
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001004302f4
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 00000001003f0e6e
.text C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe[2484] C:\Windows\syswow64\user32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001004304bc
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010009012a
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100090758
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100090676
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001000903d0
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100090594
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010009083a
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010009020c
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010012059e
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100090f52
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100120210
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100120048
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8976a9d1}
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100090ca6
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001001203d8
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010012012c
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001001202f4
.text C:\Program Files (x86)\Thunder Master\THPanel.exe[2556] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100090e6e
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010009091c
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100090048
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001000902ee
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001000904b2
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001000909fe
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100090ae0
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010009012a
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100090758
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100090676
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001000903d0
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100090594
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010009083a
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010009020c
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001000a04bc
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100090f52
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 00000001000a0210
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 00000001000a0048
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff896ea9d1}
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100090ca6
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001000a03d8
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 00000001000a012c
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001000a02f4
.text C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe[2588] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100090e6e
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010028091c
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100280048
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002802ee
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002804b2
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002809fe
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100280ae0
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010028012a
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100280758
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100280676
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002803d0
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100280594
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010028083a
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010028020c
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100280f52
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100290210
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100290048
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff898da9d1}
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100280ca6
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002903d8
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010029012c
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002902f4
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100280e6e
.text C:\Users\Floyd\AppData\Local\MediaInfo\Formats\mif.exe[2636] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010029059e
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010038091c
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100380048
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001003802ee
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001003804b2
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001003809fe
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100380ae0
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010038012a
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100380758
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100380676
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001003803d0
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100380594
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010038083a
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010038020c
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001003904bc
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100380f52
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100390210
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100390048
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff899da9d1}
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100380ca6
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001003903d8
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010039012c
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001003902f4
.text C:\Users\Floyd\AppData\Roaming\Dropbox\bin\Dropbox.exe[2796] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100380e6e
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010023091c
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100230048
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002302ee
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002304b2
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002309fe
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100230ae0
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010023012a
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100230758
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100230676
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002303d0
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100230594
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010023083a
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010023020c
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010024059e
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100230f52
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100240210
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100240048
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8988a9d1}
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100230ca6
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002403d8
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010024012c
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002402f4
.text C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe[2880] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100230e6e
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010027020c
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100270f52
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100280210
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100280048
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff898ca9d1}
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100270ca6
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002803d8
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010028012c
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002802f4
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100270e6e
.text C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe[2992] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010028059e
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 00000001005b091c
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 00000001005b0048
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001005b02ee
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001005b04b2
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001005b09fe
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 00000001005b0ae0
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010003004c
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 00000001005b012a
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 00000001005b0758
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 00000001005b0676
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001005b03d0
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 00000001005b0594
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 00000001005b083a
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 00000001005b020c
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001005c059e
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 00000001005b0f52
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 00000001005c0210
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 00000001005c0048
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff89c0a9d1}
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 00000001005b0ca6
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001005c03d8
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 00000001005c012c
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001005c02f4
.text C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe[3052] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 00000001005b0e6e
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010023091c
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100230048
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002302ee
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002304b2
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002309fe
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100230ae0
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010023012a
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100230758
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100230676
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002303d0
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100230594
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010023083a
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010023020c
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100230f52
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100240210
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100240048
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8988a9d1}
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100230ca6
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002403d8
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010024012c
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002402f4
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100230e6e
.text C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe[3064] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001002404bc
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 00000001001d091c
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 00000001001d0048
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001001d02ee
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001001d04b2
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001001d09fe
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 00000001001d0ae0
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010003004c
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 00000001001d012a
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 00000001001d0758
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 00000001001d0676
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001001d03d0
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 00000001001d0594
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 00000001001d083a
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 00000001001d020c
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001001e059e
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 00000001001d0f52
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 00000001001e0210
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 00000001001e0048
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8982a9d1}
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 00000001001d0ca6
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001001e03d8
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 00000001001e012c
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001001e02f4
.text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[2088] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 00000001001d0e6e
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010021091c
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100210048
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002102ee
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002104b2
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002109fe
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100210ae0
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010021012a
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100210758
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100210676
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002103d0
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100210594
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010021083a
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010021020c
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100210f52
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100220210
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100220048
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8986a9d1}
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100210ca6
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002203d8
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010022012c
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002202f4
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100210e6e
.text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[3204] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010022059e
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010023091c
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100230048
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002302ee
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002304b2
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002309fe
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100230ae0
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010023012a
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100230758
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100230676
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002303d0
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100230594
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010023083a
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010023020c
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010024059e
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100230f52
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100240210
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100240048
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8988a9d1}
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100230ca6
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002403d8
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010024012c
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002402f4
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100230e6e
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071801a22 2 bytes [80, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071801ad0 2 bytes [80, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071801b08 2 bytes [80, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071801bba 2 bytes [80, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071801bda 2 bytes [80, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ed1465 2 bytes [ED, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ed14bb 2 bytes [ED, 76]
.text ... * 2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010023091c
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100230048
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002302ee
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002304b2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002309fe
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100230ae0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010023012a
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100230758
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100230676
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002303d0
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100230594
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010023083a
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010023020c
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010024059e
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100230f52
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100240210
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100240048
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8988a9d1}
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100230ca6
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002403d8
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010024012c
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002402f4
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3380] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100230e6e
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010024091c
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100240048
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002402ee
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002404b2
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002409fe
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100240ae0
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010024012a
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100240758
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100240676
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002403d0
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100240594
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010024083a
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010024020c
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100240f52
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 00000001002d0210
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 00000001002d0048
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8991a9d1}
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100240ca6
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002d03d8
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 00000001002d012c
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002d02f4
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100240e6e
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001002d059e
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294 000000006ab32c36 4 bytes [24, D9, B9, 68]
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435 000000006ab37e43 4 bytes [74, 4C, 09, 66]
.text C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe[3624] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70 000000006ab75de6 4 bytes [20, EF, B9, 68]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007540549c 5 bytes JMP 0000000100140800
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 000000010011059e
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff8975a9d1}
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ed1465 2 bytes [ED, 76]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ed14bb 2 bytes [ED, 76]
.text ... * 2
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f1fc90 5 bytes JMP 000000010028091c
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f1fdf4 5 bytes JMP 0000000100280048
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f1fe88 5 bytes JMP 00000001002802ee
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f1ffe4 5 bytes JMP 00000001002804b2
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f20018 5 bytes JMP 00000001002809fe
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f20048 5 bytes JMP 0000000100280ae0
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f20064 5 bytes JMP 000000010002004c
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f2077c 5 bytes JMP 000000010028012a
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f2086c 5 bytes JMP 0000000100280758
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f20884 5 bytes JMP 0000000100280676
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f20dd4 5 bytes JMP 00000001002803d0
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076f21900 5 bytes JMP 0000000100280594
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f21bc4 5 bytes JMP 000000010028083a
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076f21d50 5 bytes JMP 000000010028020c
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000769b524f 7 bytes JMP 0000000100280f52
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769b53d0 7 bytes JMP 0000000100290210
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000769b5677 1 byte JMP 0000000100290048
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 00000000769b5679 5 bytes {JMP 0xffffffff898da9d1}
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000769b589a 7 bytes JMP 0000000100280ca6
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000769b5a1d 7 bytes JMP 00000001002903d8
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000769b5c9b 7 bytes JMP 000000010029012c
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000769b5d87 7 bytes JMP 00000001002902f4
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000769b7240 7 bytes JMP 0000000100280e6e
.text C:\Users\Floyd\Desktop\gmer.exe[1932] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074a21492 7 bytes JMP 00000001002904bc

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4844:5048] 000007fefb172a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4844:5072] 000007feef00d618

---- EOF - GMER 2.1 ----

 

thanks allot for your time



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 10 June 2013 - 05:26 AM

Please attach C:\ombofix.txt
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 light190

light190
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 10 June 2013 - 06:27 AM

done

Attached Files



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 10 June 2013 - 06:33 AM

Combofix took out the files and modifications of the rootkit.

Let´s check we got it completely:

 

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

 

 

 

 

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 light190

light190
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 10 June 2013 - 06:38 AM

came up with 0 threats

 

21:36:07.0291 5768  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:36:08.0619 5768  ============================================================
21:36:08.0619 5768  Current date / time: 2013/06/10 21:36:08.0619
21:36:08.0619 5768  SystemInfo:
21:36:08.0619 5768  
21:36:08.0619 5768  OS Version: 6.1.7601 ServicePack: 1.0
21:36:08.0619 5768  Product type: Workstation
21:36:08.0619 5768  ComputerName: FLOYD-PC
21:36:08.0619 5768  UserName: Floyd
21:36:08.0619 5768  Windows directory: C:\Windows
21:36:08.0619 5768  System windows directory: C:\Windows
21:36:08.0619 5768  Running under WOW64
21:36:08.0619 5768  Processor architecture: Intel x64
21:36:08.0619 5768  Number of processors: 4
21:36:08.0619 5768  Page size: 0x1000
21:36:08.0619 5768  Boot type: Normal boot
21:36:08.0619 5768  ============================================================
21:36:11.0081 5768  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:36:11.0085 5768  Drive \Device\Harddisk1\DR1 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:36:11.0360 5768  Drive \Device\Harddisk2\DR2 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:36:18.0393 5768  ============================================================
21:36:18.0393 5768  \Device\Harddisk0\DR0:
21:36:18.0393 5768  MBR partitions:
21:36:18.0393 5768  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:36:18.0394 5768  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
21:36:18.0394 5768  \Device\Harddisk1\DR1:
21:36:18.0394 5768  MBR partitions:
21:36:18.0394 5768  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
21:36:18.0394 5768  \Device\Harddisk2\DR2:
21:36:18.0395 5768  MBR partitions:
21:36:18.0395 5768  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
21:36:18.0395 5768  ============================================================
21:36:18.0432 5768  C: <-> \Device\Harddisk0\DR0\Partition2
21:36:18.0496 5768  G: <-> \Device\Harddisk1\DR1\Partition1
21:36:18.0513 5768  J: <-> \Device\Harddisk2\DR2\Partition1
21:36:18.0513 5768  ============================================================
21:36:18.0514 5768  Initialize success
21:36:18.0514 5768  ============================================================
21:36:20.0938 4676  ============================================================
21:36:20.0938 4676  Scan started
21:36:20.0938 4676  Mode: Manual; 
21:36:20.0938 4676  ============================================================
21:36:22.0321 4676  ================ Scan system memory ========================
21:36:22.0321 4676  System memory - ok
21:36:22.0321 4676  ================ Scan services =============================
21:36:22.0613 4676  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:36:22.0615 4676  1394ohci - ok
21:36:22.0661 4676  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:36:22.0664 4676  ACPI - ok
21:36:22.0680 4676  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:36:22.0681 4676  AcpiPmi - ok
21:36:22.0758 4676  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:36:22.0758 4676  AdobeARMservice - ok
21:36:22.0876 4676  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:22.0877 4676  AdobeFlashPlayerUpdateSvc - ok
21:36:22.0895 4676  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:36:22.0900 4676  adp94xx - ok
21:36:22.0913 4676  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:36:22.0916 4676  adpahci - ok
21:36:22.0926 4676  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:36:22.0928 4676  adpu320 - ok
21:36:22.0957 4676  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:36:22.0957 4676  AeLookupSvc - ok
21:36:23.0006 4676  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:36:23.0010 4676  AFD - ok
21:36:23.0021 4676  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:36:23.0022 4676  agp440 - ok
21:36:23.0059 4676  [ 254A19686E9C8E1B59AC06B7FD1E753C ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
21:36:23.0060 4676  AiCharger - ok
21:36:23.0072 4676  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:36:23.0074 4676  ALG - ok
21:36:23.0087 4676  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:36:23.0088 4676  aliide - ok
21:36:23.0097 4676  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:36:23.0098 4676  amdide - ok
21:36:23.0106 4676  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:36:23.0107 4676  AmdK8 - ok
21:36:23.0113 4676  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:36:23.0115 4676  AmdPPM - ok
21:36:23.0157 4676  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:36:23.0159 4676  amdsata - ok
21:36:23.0163 4676  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:36:23.0165 4676  amdsbs - ok
21:36:23.0178 4676  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:36:23.0178 4676  amdxata - ok
21:36:23.0244 4676  Amsp - ok
21:36:23.0287 4676  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:36:23.0288 4676  AppID - ok
21:36:23.0291 4676  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:36:23.0292 4676  AppIDSvc - ok
21:36:23.0333 4676  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
21:36:23.0334 4676  Appinfo - ok
21:36:23.0437 4676  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:36:23.0437 4676  Apple Mobile Device - ok
21:36:23.0452 4676  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:36:23.0454 4676  arc - ok
21:36:23.0469 4676  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:36:23.0471 4676  arcsas - ok
21:36:23.0541 4676  [ F6BDA026E4157DC4E321CA391E9D9BC6 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
21:36:23.0542 4676  AsIO - ok
21:36:23.0604 4676  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:36:23.0606 4676  aspnet_state - ok
21:36:23.0641 4676  [ 954FFBFF05B0B60EB63B52AF561436C4 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
21:36:23.0641 4676  AsSysCtrlService - ok
21:36:23.0686 4676  [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
21:36:23.0687 4676  AsUpIO - ok
21:36:23.0724 4676  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:36:23.0726 4676  AsyncMac - ok
21:36:23.0737 4676  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:36:23.0737 4676  atapi - ok
21:36:23.0825 4676  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:36:23.0850 4676  athr - ok
21:36:23.0880 4676  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:36:23.0884 4676  AudioEndpointBuilder - ok
21:36:23.0892 4676  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:36:23.0895 4676  AudioSrv - ok
21:36:23.0940 4676  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:36:23.0941 4676  AxInstSV - ok
21:36:23.0982 4676  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:36:23.0986 4676  b06bdrv - ok
21:36:24.0018 4676  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:36:24.0021 4676  b57nd60a - ok
21:36:24.0039 4676  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:36:24.0041 4676  BDESVC - ok
21:36:24.0082 4676  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:36:24.0083 4676  Beep - ok
21:36:24.0139 4676  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:36:24.0144 4676  BFE - ok
21:36:24.0561 4676  [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys
21:36:24.0567 4676  BHDrvx64 - ok
21:36:24.0623 4676  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
21:36:24.0630 4676  BITS - ok
21:36:24.0662 4676  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:36:24.0664 4676  blbdrive - ok
21:36:24.0731 4676  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:36:24.0733 4676  Bonjour Service - ok
21:36:24.0776 4676  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:36:24.0777 4676  bowser - ok
21:36:24.0827 4676  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:36:24.0828 4676  BrFiltLo - ok
21:36:24.0832 4676  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:36:24.0832 4676  BrFiltUp - ok
21:36:24.0844 4676  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:36:24.0846 4676  BridgeMP - ok
21:36:24.0894 4676  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:36:24.0895 4676  Browser - ok
21:36:24.0915 4676  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:36:24.0918 4676  Brserid - ok
21:36:24.0929 4676  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:36:24.0931 4676  BrSerWdm - ok
21:36:24.0933 4676  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:36:24.0934 4676  BrUsbMdm - ok
21:36:24.0937 4676  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:36:24.0937 4676  BrUsbSer - ok
21:36:24.0945 4676  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:36:24.0947 4676  BTHMODEM - ok
21:36:24.0973 4676  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:36:24.0974 4676  bthserv - ok
21:36:24.0976 4676  catchme - ok
21:36:25.0088 4676  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys
21:36:25.0089 4676  ccSet_NIS - ok
21:36:25.0099 4676  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:36:25.0101 4676  cdfs - ok
21:36:25.0147 4676  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:36:25.0149 4676  cdrom - ok
21:36:25.0192 4676  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:36:25.0193 4676  CertPropSvc - ok
21:36:25.0207 4676  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:36:25.0208 4676  circlass - ok
21:36:25.0224 4676  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:36:25.0227 4676  CLFS - ok
21:36:25.0290 4676  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:36:25.0292 4676  clr_optimization_v2.0.50727_32 - ok
21:36:25.0320 4676  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:36:25.0322 4676  clr_optimization_v2.0.50727_64 - ok
21:36:25.0415 4676  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:36:25.0416 4676  clr_optimization_v4.0.30319_32 - ok
21:36:25.0446 4676  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:36:25.0448 4676  clr_optimization_v4.0.30319_64 - ok
21:36:25.0464 4676  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:36:25.0464 4676  CmBatt - ok
21:36:25.0467 4676  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:36:25.0467 4676  cmdide - ok
21:36:25.0512 4676  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:36:25.0516 4676  CNG - ok
21:36:25.0525 4676  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:36:25.0526 4676  Compbatt - ok
21:36:25.0567 4676  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:36:25.0568 4676  CompositeBus - ok
21:36:25.0571 4676  COMSysApp - ok
21:36:25.0588 4676  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:36:25.0590 4676  crcdisk - ok
21:36:25.0632 4676  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:36:25.0633 4676  CryptSvc - ok
21:36:25.0654 4676  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:36:25.0657 4676  DcomLaunch - ok
21:36:25.0677 4676  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:36:25.0680 4676  defragsvc - ok
21:36:25.0774 4676  [ 202FE619DDEABABFD4EC12CF9404C264 ] DeviceMonitor_MF91 C:\Program Files\Pre-Paid Telstra WIFI 4G\DeviceMonitor_x64.exe
21:36:25.0775 4676  DeviceMonitor_MF91 - ok
21:36:25.0787 4676  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:36:25.0790 4676  DfsC - ok
21:36:25.0845 4676  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:36:25.0847 4676  Dhcp - ok
21:36:25.0854 4676  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:36:25.0854 4676  discache - ok
21:36:25.0890 4676  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:36:25.0891 4676  Disk - ok
21:36:25.0934 4676  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:36:25.0935 4676  Dnscache - ok
21:36:25.0947 4676  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:36:25.0950 4676  dot3svc - ok
21:36:25.0964 4676  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:36:25.0965 4676  DPS - ok
21:36:26.0012 4676  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:36:26.0014 4676  drmkaud - ok
21:36:26.0066 4676  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:36:26.0067 4676  dtsoftbus01 - ok
21:36:26.0120 4676  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:36:26.0124 4676  DXGKrnl - ok
21:36:26.0164 4676  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:36:26.0165 4676  EapHost - ok
21:36:26.0214 4676  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:36:26.0273 4676  ebdrv - ok
21:36:26.0353 4676  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:36:26.0355 4676  eeCtrl - ok
21:36:26.0393 4676  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:36:26.0393 4676  EFS - ok
21:36:26.0463 4676  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:36:26.0469 4676  ehRecvr - ok
21:36:26.0476 4676  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:36:26.0478 4676  ehSched - ok
21:36:26.0498 4676  EIO64 - ok
21:36:26.0526 4676  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:36:26.0531 4676  elxstor - ok
21:36:26.0595 4676  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:36:26.0596 4676  EraserUtilRebootDrv - ok
21:36:26.0615 4676  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:36:26.0616 4676  ErrDev - ok
21:36:26.0637 4676  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:36:26.0639 4676  EventSystem - ok
21:36:26.0656 4676  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:36:26.0659 4676  exfat - ok
21:36:26.0678 4676  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:36:26.0680 4676  fastfat - ok
21:36:26.0707 4676  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:36:26.0714 4676  Fax - ok
21:36:26.0730 4676  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
21:36:26.0731 4676  fdc - ok
21:36:26.0742 4676  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:36:26.0742 4676  fdPHost - ok
21:36:26.0746 4676  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:36:26.0746 4676  FDResPub - ok
21:36:26.0787 4676  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:36:26.0789 4676  FileInfo - ok
21:36:26.0797 4676  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:36:26.0798 4676  Filetrace - ok
21:36:26.0880 4676  [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:36:26.0889 4676  FLEXnet Licensing Service - ok
21:36:26.0979 4676  [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
21:36:26.0986 4676  FLEXnet Licensing Service 64 - ok
21:36:27.0031 4676  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:36:27.0032 4676  flpydisk - ok
21:36:27.0048 4676  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:36:27.0051 4676  FltMgr - ok
21:36:27.0120 4676  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:36:27.0128 4676  FontCache - ok
21:36:27.0168 4676  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:36:27.0170 4676  FontCache3.0.0.0 - ok
21:36:27.0179 4676  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:36:27.0181 4676  FsDepends - ok
21:36:27.0222 4676  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:36:27.0222 4676  Fs_Rec - ok
21:36:27.0268 4676  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:36:27.0270 4676  fvevol - ok
21:36:27.0280 4676  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:36:27.0281 4676  gagp30kx - ok
21:36:27.0329 4676  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:36:27.0334 4676  gpsvc - ok
21:36:27.0427 4676  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:36:27.0428 4676  gupdate - ok
21:36:27.0431 4676  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:36:27.0432 4676  gupdatem - ok
21:36:27.0435 4676  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:36:27.0435 4676  hcw85cir - ok
21:36:27.0487 4676  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:36:27.0490 4676  HdAudAddService - ok
21:36:27.0522 4676  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:36:27.0524 4676  HDAudBus - ok
21:36:27.0526 4676  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:36:27.0527 4676  HidBatt - ok
21:36:27.0539 4676  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:36:27.0541 4676  HidBth - ok
21:36:27.0544 4676  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:36:27.0545 4676  HidIr - ok
21:36:27.0559 4676  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
21:36:27.0560 4676  hidserv - ok
21:36:27.0615 4676  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:36:27.0616 4676  HidUsb - ok
21:36:27.0632 4676  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:36:27.0634 4676  hkmsvc - ok
21:36:27.0646 4676  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:36:27.0649 4676  HomeGroupListener - ok
21:36:27.0665 4676  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:36:27.0666 4676  HomeGroupProvider - ok
21:36:27.0674 4676  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:36:27.0682 4676  HpSAMD - ok
21:36:27.0703 4676  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:36:27.0710 4676  HTTP - ok
21:36:27.0720 4676  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:36:27.0720 4676  hwpolicy - ok
21:36:27.0731 4676  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:36:27.0733 4676  i8042prt - ok
21:36:27.0784 4676  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:36:27.0788 4676  iaStorV - ok
21:36:27.0870 4676  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:36:27.0871 4676  IDriverT - ok
21:36:27.0917 4676  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:36:27.0924 4676  idsvc - ok
21:36:28.0107 4676  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130607.001\IDSvia64.sys
21:36:28.0110 4676  IDSVia64 - ok
21:36:28.0131 4676  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:36:28.0133 4676  iirsp - ok
21:36:28.0151 4676  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:36:28.0157 4676  IKEEXT - ok
21:36:28.0172 4676  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:36:28.0174 4676  intelide - ok
21:36:28.0214 4676  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:36:28.0215 4676  intelppm - ok
21:36:28.0224 4676  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:36:28.0226 4676  IPBusEnum - ok
21:36:28.0236 4676  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:36:28.0238 4676  IpFilterDriver - ok
21:36:28.0316 4676  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:36:28.0320 4676  iphlpsvc - ok
21:36:28.0338 4676  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:36:28.0339 4676  IPMIDRV - ok
21:36:28.0348 4676  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:36:28.0350 4676  IPNAT - ok
21:36:28.0380 4676  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:36:28.0381 4676  IRENUM - ok
21:36:28.0420 4676  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:36:28.0421 4676  isapnp - ok
21:36:28.0436 4676  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:36:28.0439 4676  iScsiPrt - ok
21:36:28.0464 4676  [ 7682CACF67B92FECEE4EF637EA12A47C ] JSWHwBtn        C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe
21:36:28.0465 4676  JSWHwBtn - ok
21:36:28.0487 4676  [ 957135960E7533EA5C7EA0BFB34F8EFD ] jswpsapi        C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe
21:36:28.0495 4676  jswpsapi - ok
21:36:28.0509 4676  [ 9D86C5091209CA4BD3762BED6F654501 ] JSWPSLWF        C:\Windows\system32\DRIVERS\jswpslwfx.sys
21:36:28.0510 4676  JSWPSLWF - ok
21:36:28.0517 4676  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:36:28.0517 4676  kbdclass - ok
21:36:28.0527 4676  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:36:28.0528 4676  kbdhid - ok
21:36:28.0540 4676  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:36:28.0541 4676  KeyIso - ok
21:36:28.0547 4676  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:36:28.0548 4676  KSecDD - ok
21:36:28.0559 4676  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:36:28.0560 4676  KSecPkg - ok
21:36:28.0564 4676  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:36:28.0564 4676  ksthunk - ok
21:36:28.0589 4676  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:36:28.0594 4676  KtmRm - ok
21:36:28.0639 4676  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:36:28.0641 4676  LanmanServer - ok
21:36:28.0660 4676  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:36:28.0663 4676  LanmanWorkstation - ok
21:36:28.0725 4676  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:36:28.0727 4676  lltdio - ok
21:36:28.0740 4676  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:36:28.0743 4676  lltdsvc - ok
21:36:28.0760 4676  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:36:28.0761 4676  lmhosts - ok
21:36:28.0797 4676  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:36:28.0800 4676  LSI_FC - ok
21:36:28.0840 4676  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:36:28.0842 4676  LSI_SAS - ok
21:36:28.0851 4676  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:36:28.0852 4676  LSI_SAS2 - ok
21:36:28.0861 4676  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:36:28.0863 4676  LSI_SCSI - ok
21:36:28.0877 4676  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:36:28.0879 4676  luafv - ok
21:36:28.0954 4676  [ 22D01516948417C8A224A25694C99ECD ] massfilter_lte  C:\Windows\system32\drivers\massfilter_lte.sys
21:36:28.0955 4676  massfilter_lte - ok
21:36:28.0973 4676  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:36:28.0975 4676  Mcx2Svc - ok
21:36:28.0982 4676  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:36:28.0983 4676  megasas - ok
21:36:29.0000 4676  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:36:29.0003 4676  MegaSR - ok
21:36:29.0149 4676  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2011_32 C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
21:36:29.0149 4676  mi-raysat_3dsmax2011_32 - ok
21:36:29.0283 4676  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2011_64 C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
21:36:29.0284 4676  mi-raysat_3dsmax2011_64 - ok
21:36:29.0356 4676  Microsoft SharePoint Workspace Audit Service - ok
21:36:29.0387 4676  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:36:29.0388 4676  MMCSS - ok
21:36:29.0399 4676  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:36:29.0401 4676  Modem - ok
21:36:29.0440 4676  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:36:29.0441 4676  monitor - ok
21:36:29.0447 4676  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:36:29.0447 4676  mouclass - ok
21:36:29.0450 4676  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:36:29.0451 4676  mouhid - ok
21:36:29.0463 4676  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:36:29.0464 4676  mountmgr - ok
21:36:29.0481 4676  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:36:29.0483 4676  mpio - ok
21:36:29.0501 4676  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:36:29.0502 4676  mpsdrv - ok
21:36:29.0556 4676  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:36:29.0563 4676  MpsSvc - ok
21:36:29.0580 4676  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:36:29.0582 4676  MRxDAV - ok
21:36:29.0624 4676  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:36:29.0626 4676  mrxsmb - ok
21:36:29.0639 4676  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:36:29.0643 4676  mrxsmb10 - ok
21:36:29.0649 4676  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:36:29.0651 4676  mrxsmb20 - ok
21:36:29.0666 4676  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:36:29.0667 4676  msahci - ok
21:36:29.0684 4676  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:36:29.0685 4676  msdsm - ok
21:36:29.0700 4676  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:36:29.0702 4676  MSDTC - ok
21:36:29.0720 4676  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:36:29.0721 4676  Msfs - ok
21:36:29.0728 4676  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:36:29.0729 4676  mshidkmdf - ok
21:36:29.0738 4676  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:36:29.0738 4676  msisadrv - ok
21:36:29.0759 4676  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:36:29.0761 4676  MSiSCSI - ok
21:36:29.0764 4676  msiserver - ok
21:36:29.0801 4676  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:36:29.0802 4676  MSKSSRV - ok
21:36:29.0809 4676  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:36:29.0810 4676  MSPCLOCK - ok
21:36:29.0823 4676  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:36:29.0824 4676  MSPQM - ok
21:36:29.0842 4676  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:36:29.0845 4676  MsRPC - ok
21:36:29.0856 4676  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:36:29.0857 4676  mssmbios - ok
21:36:29.0919 4676  MSSQL$SQLEXPRESS - ok
21:36:30.0012 4676  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:36:30.0014 4676  MSSQLServerADHelper100 - ok
21:36:30.0026 4676  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:36:30.0027 4676  MSTEE - ok
21:36:30.0033 4676  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:36:30.0034 4676  MTConfig - ok
21:36:30.0071 4676  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
21:36:30.0071 4676  MTsensor - ok
21:36:30.0083 4676  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:36:30.0084 4676  Mup - ok
21:36:30.0108 4676  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:36:30.0112 4676  napagent - ok
21:36:30.0148 4676  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:36:30.0151 4676  NativeWifiP - ok
21:36:30.0269 4676  [ 56540E526B46E379A476FB5BC381B290 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130607.018\ENG64.SYS
21:36:30.0269 4676  NAVENG - ok
21:36:30.0313 4676  [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130607.018\EX64.SYS
21:36:30.0347 4676  NAVEX15 - ok
21:36:30.0412 4676  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:36:30.0416 4676  NDIS - ok
21:36:30.0423 4676  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:36:30.0425 4676  NdisCap - ok
21:36:30.0457 4676  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:36:30.0458 4676  NdisTapi - ok
21:36:30.0470 4676  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:36:30.0472 4676  Ndisuio - ok
21:36:30.0483 4676  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:36:30.0485 4676  NdisWan - ok
21:36:30.0497 4676  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:36:30.0498 4676  NDProxy - ok
21:36:30.0507 4676  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:36:30.0508 4676  NetBIOS - ok
21:36:30.0518 4676  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:36:30.0521 4676  NetBT - ok
21:36:30.0556 4676  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:36:30.0556 4676  Netlogon - ok
21:36:30.0596 4676  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:36:30.0599 4676  Netman - ok
21:36:30.0660 4676  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:30.0663 4676  NetMsmqActivator - ok
21:36:30.0666 4676  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:30.0667 4676  NetPipeActivator - ok
21:36:30.0674 4676  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:36:30.0676 4676  netprofm - ok
21:36:30.0679 4676  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:30.0680 4676  NetTcpActivator - ok
21:36:30.0683 4676  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:30.0684 4676  NetTcpPortSharing - ok
21:36:30.0705 4676  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:36:30.0707 4676  nfrd960 - ok
21:36:30.0863 4676  [ 4A9258B9597A31DB68EC9740F3A8A70B ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
21:36:30.0864 4676  NIS - ok
21:36:30.0884 4676  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:36:30.0887 4676  NlaSvc - ok
21:36:30.0899 4676  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:36:30.0900 4676  Npfs - ok
21:36:30.0907 4676  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:36:30.0907 4676  nsi - ok
21:36:30.0910 4676  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:36:30.0911 4676  nsiproxy - ok
21:36:30.0973 4676  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:36:30.0999 4676  Ntfs - ok
21:36:31.0005 4676  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:36:31.0006 4676  Null - ok
21:36:31.0061 4676  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
21:36:31.0062 4676  NVHDA - ok
21:36:31.0241 4676  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:36:31.0282 4676  nvlddmkm - ok
21:36:31.0342 4676  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:36:31.0344 4676  nvraid - ok
21:36:31.0354 4676  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:36:31.0356 4676  nvstor - ok
21:36:31.0417 4676  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:36:31.0421 4676  nvsvc - ok
21:36:31.0489 4676  [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:36:31.0506 4676  nvUpdatusService - ok
21:36:31.0517 4676  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:36:31.0519 4676  nv_agp - ok
21:36:31.0533 4676  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:36:31.0534 4676  ohci1394 - ok
21:36:31.0622 4676  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:36:31.0624 4676  ose - ok
21:36:31.0745 4676  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:36:31.0765 4676  osppsvc - ok
21:36:31.0867 4676  [ EFB70605E19975033850371B83364EF1 ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
21:36:31.0869 4676  OverwolfUpdaterService - ok
21:36:31.0890 4676  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:36:31.0893 4676  p2pimsvc - ok
21:36:31.0911 4676  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:36:31.0915 4676  p2psvc - ok
21:36:32.0030 4676  [ 1011C779C9FCD01AFA96490C86A50421 ] PanService      C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
21:36:32.0033 4676  PanService - ok
21:36:32.0049 4676  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
21:36:32.0050 4676  Parport - ok
21:36:32.0092 4676  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:36:32.0093 4676  partmgr - ok
21:36:32.0108 4676  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:36:32.0109 4676  PcaSvc - ok
21:36:32.0118 4676  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:36:32.0120 4676  pci - ok
21:36:32.0130 4676  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:36:32.0131 4676  pciide - ok
21:36:32.0143 4676  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:36:32.0146 4676  pcmcia - ok
21:36:32.0160 4676  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:36:32.0161 4676  pcw - ok
21:36:32.0174 4676  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:36:32.0179 4676  PEAUTH - ok
21:36:32.0253 4676  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:36:32.0255 4676  PerfHost - ok
21:36:32.0313 4676  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:36:32.0338 4676  pla - ok
21:36:32.0363 4676  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:36:32.0366 4676  PlugPlay - ok
21:36:32.0392 4676  PnkBstrA - ok
21:36:32.0414 4676  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:36:32.0416 4676  PNRPAutoReg - ok
21:36:32.0431 4676  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:36:32.0433 4676  PNRPsvc - ok
21:36:32.0462 4676  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:36:32.0467 4676  PolicyAgent - ok
21:36:32.0506 4676  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:36:32.0507 4676  Power - ok
21:36:32.0547 4676  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:36:32.0549 4676  PptpMiniport - ok
21:36:32.0563 4676  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
21:36:32.0564 4676  Processor - ok
21:36:32.0604 4676  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:36:32.0668 4676  ProfSvc - ok
21:36:32.0720 4676  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:36:32.0721 4676  ProtectedStorage - ok
21:36:32.0839 4676  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:36:32.0871 4676  Psched - ok
21:36:32.0916 4676  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
21:36:32.0916 4676  PxHlpa64 - ok
21:36:32.0944 4676  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:36:32.0970 4676  ql2300 - ok
21:36:32.0974 4676  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:36:32.0976 4676  ql40xx - ok
21:36:33.0001 4676  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:36:33.0004 4676  QWAVE - ok
21:36:33.0015 4676  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:36:33.0016 4676  QWAVEdrv - ok
21:36:33.0030 4676  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:36:33.0031 4676  RasAcd - ok
21:36:33.0085 4676  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:36:33.0086 4676  RasAgileVpn - ok
21:36:33.0099 4676  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:36:33.0101 4676  RasAuto - ok
21:36:33.0111 4676  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:36:33.0113 4676  Rasl2tp - ok
21:36:33.0148 4676  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:36:33.0151 4676  RasMan - ok
21:36:33.0161 4676  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:36:33.0162 4676  RasPppoe - ok
21:36:33.0173 4676  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:36:33.0174 4676  RasSstp - ok
21:36:33.0188 4676  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:36:33.0192 4676  rdbss - ok
21:36:33.0199 4676  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:36:33.0200 4676  rdpbus - ok
21:36:33.0213 4676  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:36:33.0213 4676  RDPCDD - ok
21:36:33.0224 4676  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:36:33.0224 4676  RDPENCDD - ok
21:36:33.0236 4676  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:36:33.0236 4676  RDPREFMP - ok
21:36:33.0279 4676  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:36:33.0282 4676  RDPWD - ok
21:36:33.0300 4676  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:36:33.0302 4676  rdyboost - ok
21:36:33.0439 4676  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:36:33.0463 4676  RemoteAccess - ok
21:36:33.0507 4676  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:36:33.0509 4676  RemoteRegistry - ok
21:36:33.0557 4676  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:36:33.0558 4676  RpcEptMapper - ok
21:36:33.0580 4676  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:36:33.0598 4676  RpcLocator - ok
21:36:33.0663 4676  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:36:33.0666 4676  RpcSs - ok
21:36:33.0718 4676  [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
21:36:33.0721 4676  RsFx0103 - ok
21:36:33.0741 4676  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:36:33.0743 4676  rspndr - ok
21:36:33.0761 4676  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:36:33.0763 4676  RTL8167 - ok
21:36:33.0821 4676  [ ACBB94340905D4596C2B10B622160D02 ] SaiK0CFA        C:\Windows\system32\DRIVERS\SaiK0CFA.sys
21:36:33.0822 4676  SaiK0CFA - ok
21:36:33.0874 4676  [ E124BCFB55ADCD4AA273E73C3D666F9F ] SaiMini         C:\Windows\system32\DRIVERS\SaiMini.sys
21:36:33.0875 4676  SaiMini - ok
21:36:33.0897 4676  [ 94AB59E2D3F301DC2B6EA97A027CEBFA ] SaiNtBus        C:\Windows\system32\drivers\SaiBus.sys
21:36:33.0897 4676  SaiNtBus - ok
21:36:33.0915 4676  [ C4541B918865B015E4B04416E456AAB7 ] SaiU0CFA        C:\Windows\system32\DRIVERS\SaiU0CFA.sys
21:36:33.0916 4676  SaiU0CFA - ok
21:36:33.0927 4676  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:36:33.0928 4676  SamSs - ok
21:36:33.0937 4676  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:36:33.0939 4676  sbp2port - ok
21:36:33.0967 4676  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:36:33.0970 4676  SCardSvr - ok
21:36:33.0980 4676  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:36:33.0981 4676  scfilter - ok
21:36:34.0006 4676  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:36:34.0015 4676  Schedule - ok
21:36:34.0033 4676  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:36:34.0034 4676  SCPolicySvc - ok
21:36:34.0046 4676  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:36:34.0049 4676  SDRSVC - ok
21:36:34.0082 4676  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:36:34.0084 4676  secdrv - ok
21:36:34.0089 4676  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:36:34.0090 4676  seclogon - ok
21:36:34.0103 4676  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
21:36:34.0104 4676  SENS - ok
21:36:34.0113 4676  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:36:34.0115 4676  SensrSvc - ok
21:36:34.0125 4676  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:36:34.0126 4676  Serenum - ok
21:36:34.0174 4676  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:36:34.0175 4676  Serial - ok
21:36:34.0214 4676  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:36:34.0215 4676  sermouse - ok
21:36:34.0232 4676  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:36:34.0235 4676  SessionEnv - ok
21:36:34.0237 4676  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:36:34.0238 4676  sffdisk - ok
21:36:34.0240 4676  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:36:34.0241 4676  sffp_mmc - ok
21:36:34.0244 4676  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:36:34.0244 4676  sffp_sd - ok
21:36:34.0247 4676  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:36:34.0248 4676  sfloppy - ok
21:36:34.0294 4676  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:36:34.0297 4676  SharedAccess - ok
21:36:34.0307 4676  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:36:34.0309 4676  ShellHWDetection - ok
21:36:34.0322 4676  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:36:34.0323 4676  SiSRaid2 - ok
21:36:34.0335 4676  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:36:34.0336 4676  SiSRaid4 - ok
21:36:34.0461 4676  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:36:34.0495 4676  Skype C2C Service - ok
21:36:34.0596 4676  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:36:34.0598 4676  SkypeUpdate - ok
21:36:34.0601 4676  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:36:34.0603 4676  Smb - ok
21:36:34.0640 4676  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:36:34.0642 4676  SNMPTRAP - ok
21:36:34.0651 4676  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:36:34.0651 4676  spldr - ok
21:36:34.0695 4676  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:36:34.0698 4676  Spooler - ok
21:36:34.0755 4676  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:36:34.0770 4676  sppsvc - ok
21:36:34.0793 4676  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:36:34.0795 4676  sppuinotify - ok
21:36:34.0873 4676  [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
21:36:34.0878 4676  SQLAgent$SQLEXPRESS - ok
21:36:34.0919 4676  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:36:34.0922 4676  SQLBrowser - ok
21:36:34.0944 4676  [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:36:34.0945 4676  SQLWriter - ok
21:36:35.0095 4676  [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP           C:\Windows\system32\drivers\NISx64\1402000.013\SRTSP64.SYS
21:36:35.0102 4676  SRTSP - ok
21:36:35.0124 4676  [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX          C:\Windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS
21:36:35.0124 4676  SRTSPX - ok
21:36:35.0167 4676  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:36:35.0171 4676  srv - ok
21:36:35.0187 4676  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:36:35.0191 4676  srv2 - ok
21:36:35.0204 4676  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:36:35.0206 4676  srvnet - ok
21:36:35.0246 4676  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:36:35.0248 4676  SSDPSRV - ok
21:36:35.0258 4676  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:36:35.0259 4676  SstpSvc - ok
21:36:35.0323 4676  Steam Client Service - ok
21:36:35.0399 4676  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:36:35.0401 4676  Stereo Service - ok
21:36:35.0413 4676  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:36:35.0414 4676  stexstor - ok
21:36:35.0462 4676  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:36:35.0467 4676  stisvc - ok
21:36:35.0476 4676  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:36:35.0477 4676  swenum - ok
21:36:35.0546 4676  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:36:35.0551 4676  SwitchBoard - ok
21:36:35.0568 4676  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:36:35.0573 4676  swprv - ok
21:36:35.0620 4676  [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS           C:\Windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS
21:36:35.0625 4676  SymDS - ok
21:36:35.0723 4676  [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA          C:\Windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS
21:36:35.0734 4676  SymEFA - ok
21:36:35.0766 4676  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:36:35.0767 4676  SymEvent - ok
21:36:35.0794 4676  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS
21:36:35.0795 4676  SymIRON - ok
21:36:35.0818 4676  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\Windows\system32\drivers\NISx64\1402000.013\SYMNETS.SYS
21:36:35.0820 4676  SymNetS - ok
21:36:35.0856 4676  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:36:35.0889 4676  SysMain - ok
21:36:35.0900 4676  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:36:35.0903 4676  TabletInputService - ok
21:36:35.0912 4676  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:36:35.0915 4676  TapiSrv - ok
21:36:35.0927 4676  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:36:35.0929 4676  TBS - ok
21:36:36.0013 4676  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:36:36.0047 4676  Tcpip - ok
21:36:36.0079 4676  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:36:36.0087 4676  TCPIP6 - ok
21:36:36.0125 4676  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:36:36.0126 4676  tcpipreg - ok
21:36:36.0148 4676  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:36:36.0149 4676  TDPIPE - ok
21:36:36.0170 4676  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:36:36.0172 4676  TDTCP - ok
21:36:36.0182 4676  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:36:36.0184 4676  tdx - ok
21:36:36.0221 4676  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:36:36.0222 4676  TermDD - ok
21:36:36.0236 4676  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:36:36.0243 4676  TermService - ok
21:36:36.0250 4676  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:36:36.0251 4676  Themes - ok
21:36:36.0271 4676  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:36:36.0272 4676  THREADORDER - ok
21:36:36.0348 4676  [ 6642C9F15CCC7859CAEEA159E711EB21 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
21:36:36.0349 4676  tmactmon - ok
21:36:36.0367 4676  [ 0BD205E00C93B8CF828301F43164AA51 ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
21:36:36.0368 4676  tmcomm - ok
21:36:36.0401 4676  [ BB0746323D7DF2202293DFF1226F588E ] TMEBC           C:\Windows\system32\DRIVERS\TMEBC64.sys
21:36:36.0401 4676  TMEBC - ok
21:36:36.0414 4676  [ C27DAE25484C205F3CCF7260E1B045DD ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
21:36:36.0415 4676  tmevtmgr - ok
21:36:36.0431 4676  [ 48951FBFFFCAE52FADFCDFB76ED19749 ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
21:36:36.0432 4676  tmtdi - ok
21:36:36.0458 4676  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:36:36.0460 4676  TrkWks - ok
21:36:36.0493 4676  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:36:36.0495 4676  TrustedInstaller - ok
21:36:36.0507 4676  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:36:36.0508 4676  tssecsrv - ok
21:36:36.0520 4676  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:36:36.0522 4676  TsUsbFlt - ok
21:36:36.0525 4676  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:36:36.0525 4676  TsUsbGD - ok
21:36:36.0571 4676  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:36:36.0573 4676  tunnel - ok
21:36:36.0581 4676  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:36:36.0583 4676  uagp35 - ok
21:36:36.0601 4676  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:36:36.0604 4676  udfs - ok
21:36:36.0612 4676  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:36:36.0614 4676  UI0Detect - ok
21:36:36.0647 4676  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:36:36.0648 4676  uliagpkx - ok
21:36:36.0669 4676  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:36:36.0670 4676  umbus - ok
21:36:36.0697 4676  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:36:36.0698 4676  UmPass - ok
21:36:36.0716 4676  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:36:36.0720 4676  upnphost - ok
21:36:36.0756 4676  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:36:36.0758 4676  USBAAPL64 - ok
21:36:36.0810 4676  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:36:36.0811 4676  usbaudio - ok
21:36:36.0864 4676  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:36:36.0866 4676  usbccgp - ok
21:36:36.0875 4676  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:36:36.0877 4676  usbcir - ok
21:36:36.0887 4676  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:36:36.0888 4676  usbehci - ok
21:36:36.0903 4676  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:36:36.0906 4676  usbhub - ok
21:36:36.0916 4676  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:36:36.0917 4676  usbohci - ok
21:36:36.0933 4676  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:36:36.0956 4676  usbprint - ok
21:36:36.0978 4676  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:36:36.0979 4676  USBSTOR - ok
21:36:36.0982 4676  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:36:36.0983 4676  usbuhci - ok
21:36:36.0994 4676  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:36:36.0996 4676  UxSms - ok
21:36:37.0007 4676  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:36:37.0008 4676  VaultSvc - ok
21:36:37.0014 4676  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:36:37.0015 4676  vdrvroot - ok
21:36:37.0034 4676  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:36:37.0040 4676  vds - ok
21:36:37.0053 4676  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:36:37.0054 4676  vga - ok
21:36:37.0062 4676  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:36:37.0063 4676  VgaSave - ok
21:36:37.0074 4676  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:36:37.0076 4676  vhdmp - ok
21:36:37.0111 4676  [ 627270F2103D41086BAB9675A3315DAB ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
21:36:37.0137 4676  VIAHdAudAddService - ok
21:36:37.0145 4676  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:36:37.0146 4676  viaide - ok
21:36:37.0154 4676  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:36:37.0155 4676  volmgr - ok
21:36:37.0170 4676  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:36:37.0173 4676  volmgrx - ok
21:36:37.0187 4676  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:36:37.0190 4676  volsnap - ok
21:36:37.0202 4676  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:36:37.0204 4676  vsmraid - ok
21:36:37.0354 4676  [ 1928B9CA20F51BFBBAD54D2C2C447B13 ] VSPerfDrv100    C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
21:36:37.0354 4676  VSPerfDrv100 - ok
21:36:37.0388 4676  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:36:37.0414 4676  VSS - ok
21:36:37.0423 4676  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:36:37.0424 4676  vwifibus - ok
21:36:37.0432 4676  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:36:37.0433 4676  vwififlt - ok
21:36:37.0472 4676  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:36:37.0473 4676  vwifimp - ok
21:36:37.0519 4676  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:36:37.0523 4676  W32Time - ok
21:36:37.0540 4676  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:36:37.0541 4676  WacomPen - ok
21:36:37.0578 4676  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:36:37.0579 4676  WANARP - ok
21:36:37.0582 4676  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:36:37.0583 4676  Wanarpv6 - ok
21:36:37.0644 4676  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:36:37.0661 4676  WatAdminSvc - ok
21:36:37.0692 4676  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:36:37.0717 4676  wbengine - ok
21:36:37.0730 4676  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:36:37.0734 4676  WbioSrvc - ok
21:36:37.0745 4676  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:36:37.0749 4676  wcncsvc - ok
21:36:37.0762 4676  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:36:37.0764 4676  WcsPlugInService - ok
21:36:37.0778 4676  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:36:37.0779 4676  Wd - ok
21:36:37.0793 4676  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
21:36:37.0794 4676  WDC_SAM - ok
21:36:37.0845 4676  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:36:37.0852 4676  Wdf01000 - ok
21:36:37.0864 4676  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:36:37.0865 4676  WdiServiceHost - ok
21:36:37.0868 4676  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:36:37.0869 4676  WdiSystemHost - ok
21:36:37.0934 4676  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:36:37.0937 4676  WebClient - ok
21:36:37.0949 4676  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:36:37.0952 4676  Wecsvc - ok
21:36:37.0964 4676  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:36:37.0965 4676  wercplsupport - ok
21:36:37.0972 4676  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:36:37.0973 4676  WerSvc - ok
21:36:37.0986 4676  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:36:37.0987 4676  WfpLwf - ok
21:36:37.0998 4676  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:36:37.0999 4676  WIMMount - ok
21:36:38.0046 4676  WinDefend - ok
21:36:38.0051 4676  WinHttpAutoProxySvc - ok
21:36:38.0091 4676  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:36:38.0092 4676  Winmgmt - ok
21:36:38.0131 4676  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:36:38.0165 4676  WinRM - ok
21:36:38.0226 4676  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:36:38.0227 4676  WinUsb - ok
21:36:38.0291 4676  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:36:38.0316 4676  Wlansvc - ok
21:36:38.0371 4676  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:36:38.0403 4676  WmiAcpi - ok
21:36:38.0453 4676  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:36:38.0456 4676  wmiApSrv - ok
21:36:38.0468 4676  WMPNetworkSvc - ok
21:36:38.0476 4676  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:36:38.0478 4676  WPCSvc - ok
21:36:38.0490 4676  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:36:38.0492 4676  WPDBusEnum - ok
21:36:38.0509 4676  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:36:38.0510 4676  ws2ifsl - ok
21:36:38.0548 4676  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
21:36:38.0549 4676  wscsvc - ok
21:36:38.0551 4676  WSearch - ok
21:36:38.0626 4676  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:36:38.0660 4676  wuauserv - ok
21:36:38.0676 4676  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:36:38.0678 4676  WudfPf - ok
21:36:38.0723 4676  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:36:38.0725 4676  WUDFRd - ok
21:36:38.0746 4676  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:36:38.0748 4676  wudfsvc - ok
21:36:38.0789 4676  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:36:38.0792 4676  WwanSvc - ok
21:36:38.0846 4676  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
21:36:38.0848 4676  xusb21 - ok
21:36:38.0900 4676  [ 522B95242E5F1A1F9D140EB872B925E5 ] zgdcat          C:\Windows\system32\DRIVERS\zgdcat.sys
21:36:38.0902 4676  zgdcat - ok
21:36:38.0946 4676  [ D7BFABCECF2024A9EF80536A9E61D6C1 ] zgdcdiag        C:\Windows\system32\DRIVERS\zgdcdiag.sys
21:36:38.0948 4676  zgdcdiag - ok
21:36:38.0971 4676  [ 5CAEE3B9847AE1C56418C70118BA97CC ] zgdcnet         C:\Windows\system32\DRIVERS\zgdcnet.sys
21:36:38.0974 4676  zgdcnet - ok
21:36:38.0980 4676  ================ Scan global ===============================
21:36:39.0001 4676  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:36:39.0049 4676  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:36:39.0055 4676  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:36:39.0073 4676  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:36:39.0113 4676  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:36:39.0115 4676  [Global] - ok
21:36:39.0115 4676  ================ Scan MBR ==================================
21:36:39.0136 4676  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:36:39.0287 4676  \Device\Harddisk0\DR0 - ok
21:36:39.0290 4676  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:36:39.0295 4676  \Device\Harddisk1\DR1 - ok
21:36:39.0298 4676  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
21:36:39.0302 4676  \Device\Harddisk2\DR2 - ok
21:36:39.0302 4676  ================ Scan VBR ==================================
21:36:39.0310 4676  [ D4D5EDD084E493B59DBAB14043B99A35 ] \Device\Harddisk0\DR0\Partition1
21:36:39.0312 4676  \Device\Harddisk0\DR0\Partition1 - ok
21:36:39.0323 4676  [ CA64EBCC09AF9ABC46D61CC43E5966CE ] \Device\Harddisk0\DR0\Partition2
21:36:39.0324 4676  \Device\Harddisk0\DR0\Partition2 - ok
21:36:39.0327 4676  [ 679468958EAF69D7BAF921957BB6C2FA ] \Device\Harddisk1\DR1\Partition1
21:36:39.0329 4676  \Device\Harddisk1\DR1\Partition1 - ok
21:36:39.0332 4676  [ EE3DC49BBC7BDFB67117D318E9B51AA1 ] \Device\Harddisk2\DR2\Partition1
21:36:39.0334 4676  \Device\Harddisk2\DR2\Partition1 - ok
21:36:39.0334 4676  ============================================================
21:36:39.0334 4676  Scan finished
21:36:39.0334 4676  ============================================================
21:36:39.0341 0800  Detected object count: 0
21:36:39.0341 0800  Actual detected object count: 0
21:36:50.0122 6040  Deinitialize success


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 10 June 2013 - 06:40 AM

oops, that was the wrong tutorial:

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 light190

light190
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 10 June 2013 - 06:43 AM

no problem, 

Farbar Service Scanner Version: 31-05-2013 01
Ran by Floyd (administrator) on 10-06-2013 at 21:42:54
Running from "C:\Users\Floyd\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 10 June 2013 - 06:48 AM

Fine - no more malware here. Let´s cross check:

 

 

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 light190

light190
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 10 June 2013 - 01:35 PM

that was a long one, looks like it found some stuff too,  

C:\Program Files\Sony\Vegas Pro 12.0\vegas.pro.12.-patch.exe a variant of Win32/HackTool.Patcher.AD application
C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\disable_activation.cmd BAT/HostsChanger.A application
C:\Program Files (x86)\Allegorithmic\Substance\Designer\3.x\Allegorithmic Substance Designer 3.5.1 Build 12119-Patch.exe a variant of Win32/HackTool.Patcher.U application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3c916ff6-81f6-61f4-f39d-4a626e0430a7}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3c916ff6-81f6-61f4-f39d-4a626e0430a7}\U\000000cb.@.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3c916ff6-81f6-61f4-f39d-4a626e0430a7}\U\80000000.@.vir Win64/Sirefef.AW trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3c916ff6-81f6-61f4-f39d-4a626e0430a7}\U\80000032.@.vir a variant of Win32/Sirefef.FV trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3c916ff6-81f6-61f4-f39d-4a626e0430a7}\U\80000064.@.vir a variant of Win64/Sirefef.AN trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Floyd\Desktop\Downloads\Format Factory v2.70 Full Version [Win 32 & 64 Bit] - {RedDragon]\Format Factory Setup2.70 .exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Floyd\Desktop\Downloads\Mark.of.the.Ninja.v1.0.multi6.cracked-THETA\Mark of the Ninja.exe Win32/HackTool.Crack.B application
C:\Users\Floyd\Desktop\Stuff\#Installs\DAEMONToolsPro510-0333.exe Win32/OpenCandy application
G:\Games\StepMania-3.9a.exe Win32/OpenCandy application


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 10 June 2013 - 02:31 PM

Unfortunately, you have evidence of cracke/illegal software on your computer so I have to close your topic right now.

 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users