LiveSearchNow Hijacker Removal

(In Progress)
Dokoni (thread starter, member with 6 posts, join date: Jan 2013)
21-Jan-2013, 03:20 AM #1
Please help me remove this Livesearchnow.com virus. T_T Spybot, GooredFix and antivirus scan didn't work.

1. HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:27 AM, on 21/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\jennifer\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\jennifer\Downloads\SavemyComputer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=100581
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/solidyoutube/{0AC7AD17-6B08-4F56-B940-63F69EF2A86E}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbhelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Solid YouTube Downloader and Converter DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\jennifer\AppData\Local\Temp\Dxp.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU\..\Run: [EPSON WorkForce 630 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_S2F78.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2206683441-4128516360-3638181318-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2206683441-4128516360-3638181318-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Facebook Messenger.lnk = C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O4 - Global Startup: FILSHtray.lnk = C:\Program Files (x86)\FILSHtray\FILSHtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18829 bytes

2. DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.10.2
Run by jennifer at 1:28:20 on 2013-01-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3839.1334 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGBA.EXE
C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Users\jennifer\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=100581
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{0AC7AD17-6B08-4F56-B940-63F69EF2A86E}
uURLSearchHooks: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbhelper.dll
mWinlogon: Userinit = userinit.exe
BHO: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Solid YouTube Downloader and Converter DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll
TB: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [JP595IR86O] C:\Users\jennifer\AppData\Local\Temp\Dxp.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
uRun: [EPSON WorkForce 630 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_S2F78.tmp" /EF "HKCU"
uRun: [Akamai NetSession Interface] "C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\jennifer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\jennifer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FILSHT~1.LNK - C:\Program Files (x86)\FILSHtray\FILSHtray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 64.71.255.198
TCP: Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC} : DHCPNameServer = 64.71.255.198
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://acer.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\r8n8vqg9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=100581
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100581
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - 3c11370f00000000000000262d4f2404
FF - user.js: extensions.BabylonToolbar_i.hardId - 3c11370f00000000000000262d4f2404
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15336
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:19:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
============= SERVICES / DRIVERS ===============
.
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-1-21 17720]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-22 353168]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-11-28 793600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-7-7 821592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-8-22 103472]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-12-21 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-12-21 528760]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-26 243232]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-25 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-30 59392]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-12-21 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-20 1255736]
.
=============== Created Last 30 ================
.
2013-01-21 05:48:00 -------- d-s---w- C:\Users\jennifer\Google Drive
2013-01-21 03:23:42 -------- d-----w- C:\Users\jennifer\AppData\Local\{9635598F-0BD4-46E4-A886-0E31BA0B2608}
2013-01-20 15:23:21 -------- d-----w- C:\Users\jennifer\AppData\Local\{A851AF06-1690-47D0-880E-D525D1239520}
2013-01-20 10:10:53 -------- d-----w- C:\Users\jennifer\AppData\Roaming\AVG2013
2013-01-20 10:09:59 -------- d-----w- C:\Users\jennifer\AppData\Roaming\TuneUp Software
2013-01-20 10:07:39 -------- d--h--w- C:\$AVG
2013-01-20 10:07:39 -------- d-----w- C:\ProgramData\AVG2013
2013-01-20 10:07:24 -------- d-----w- C:\Program Files (x86)\AVG
2013-01-20 10:05:22 -------- d--h--w- C:\ProgramData\Common Files
2013-01-20 10:05:22 -------- d-----w- C:\Users\jennifer\AppData\Local\MFAData
2013-01-20 10:05:22 -------- d-----w- C:\Users\jennifer\AppData\Local\Avg2013
2013-01-20 10:05:22 -------- d-----w- C:\ProgramData\MFAData
2013-01-20 03:22:56 -------- d-----w- C:\Users\jennifer\AppData\Local\{A4CB1163-4779-42AB-94FA-002750A537E3}
2013-01-19 13:30:39 -------- d-----w- C:\Users\jennifer\AppData\Local\{46862A73-7F50-4C34-A229-DF444B0633AD}
2013-01-19 02:45:49 131072 --sha-r- C:\Windows\SysWow64\mmcbasew.dll
2013-01-19 01:43:21 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FFD48468-19EF-48BC-A183-7EDBB723255D}\mpengine.dll
2013-01-19 01:30:29 -------- d-----w- C:\Users\jennifer\AppData\Local\{EC9EA501-E93C-4D25-8537-5D6C88DA0D16}
2013-01-18 12:23:52 -------- d-----w- C:\Users\jennifer\AppData\Local\{960BB81E-352E-43FA-99E8-505A448AB05B}
2013-01-18 00:23:30 -------- d-----w- C:\Users\jennifer\AppData\Local\{074A36D8-0B06-4F8F-9141-AA45C5FC9A50}
2013-01-17 12:23:20 -------- d-----w- C:\Users\jennifer\AppData\Local\{A6356196-359C-413C-8E7F-BF306154700C}
2013-01-17 00:17:15 -------- d-----w- C:\Users\jennifer\AppData\Local\{32C3CA14-3DE0-4239-8764-EBF4D67B4913}
2013-01-16 10:10:32 -------- d-----w- C:\Users\jennifer\AppData\Local\{933D2918-1B2B-4584-A878-34C1B318446F}
2013-01-15 22:10:19 -------- d-----w- C:\Users\jennifer\AppData\Local\{94DA138B-0C71-4F73-AE21-F6F5B3C770E4}
2013-01-15 08:46:22 -------- d-----w- C:\Users\jennifer\AppData\Local\{6AF800A4-CCD1-4F7D-AC05-8EEC67A262DF}
2013-01-14 20:46:00 -------- d-----w- C:\Users\jennifer\AppData\Local\{E23F8B8F-1AC0-4BCC-89F7-92DBC1540ABE}
2013-01-14 08:45:25 -------- d-----w- C:\Users\jennifer\AppData\Local\{73F9B55E-6885-4E8B-8D24-CF83680F0098}
2013-01-13 20:45:13 -------- d-----w- C:\Users\jennifer\AppData\Local\{3ED26B78-D7BE-4B33-847F-0EAA71B7F0C4}
2013-01-13 04:20:05 -------- d-----w- C:\Users\jennifer\AppData\Local\{8E7FB457-088F-420C-80EA-443D8E41E1CA}
2013-01-12 16:19:54 -------- d-----w- C:\Users\jennifer\AppData\Local\{A0D891F8-9147-4537-8422-CFA78EF49994}
2013-01-11 21:21:48 -------- d-----w- C:\Users\jennifer\AppData\Local\{660DECFB-CD54-41BC-8F48-CB921488F8B6}
2013-01-11 06:11:05 -------- d-----w- C:\Users\jennifer\AppData\Local\Apple Computer
2013-01-11 06:07:07 -------- d-----w- C:\Users\jennifer\AppData\Local\Apple
2013-01-11 06:06:16 -------- d-----w- C:\Users\jennifer\AppData\Local\{1D64DB8D-174A-4E0C-A496-B368FC0E1462}
2013-01-11 03:01:52 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-01-10 18:06:05 -------- d-----w- C:\Users\jennifer\AppData\Local\{8A65571F-1B6E-414F-9A12-9451D7116AA8}
2013-01-10 18:02:19 -------- d-sh--w- C:\found.002
2013-01-10 01:19:05 -------- d-----w- C:\Users\jennifer\AppData\Local\{83AF7034-2FD0-414C-832F-F8F04E780F4C}
2013-01-09 13:18:43 -------- d-----w- C:\Users\jennifer\AppData\Local\{AC09B0FB-9F23-4969-9622-FA1C62972395}
2013-01-09 01:42:16 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 01:42:16 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 01:42:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 01:42:02 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 01:42:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 01:42:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 01:42:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 01:42:00 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 01:40:31 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 01:40:29 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-09 01:18:31 -------- d-----w- C:\Users\jennifer\AppData\Local\{FC90FC8B-9CF1-410F-9C46-EB6FB59B840B}
2013-01-08 11:01:08 -------- d-----w- C:\Users\jennifer\AppData\Local\{38091742-50FA-437C-B998-EF54368D54F2}
2013-01-07 23:00:57 -------- d-----w- C:\Users\jennifer\AppData\Local\{CBC6ABB2-F696-4585-A7A9-FE90E42E4AF0}
2013-01-07 08:07:38 -------- d-----w- C:\Users\jennifer\AppData\Local\{ED8006B3-16F8-4AD3-9B6D-D059BFCC227A}
2013-01-06 20:07:16 -------- d-----w- C:\Users\jennifer\AppData\Local\{DE10451D-D419-48AC-9A22-0105FB94DB88}
2013-01-06 08:06:54 -------- d-----w- C:\Users\jennifer\AppData\Local\{B538D525-A07A-45B1-82A0-1F4A0298E385}
2013-01-05 20:06:32 -------- d-----w- C:\Users\jennifer\AppData\Local\{CD6A0129-F2CC-4F93-AB19-7FD5D98A9C29}
2013-01-05 08:06:09 -------- d-----w- C:\Users\jennifer\AppData\Local\{E5777075-D68C-4134-BB4C-71A45DB14387}
2013-01-04 20:05:58 -------- d-----w- C:\Users\jennifer\AppData\Local\{578FDF67-BF6C-4F9A-83FA-0373A7AFA657}
2013-01-04 03:22:10 -------- d-----w- C:\Users\jennifer\AppData\Local\{B49BB081-B0CF-45EB-A64B-01242D0A6CB9}
2013-01-03 15:21:59 -------- d-----w- C:\Users\jennifer\AppData\Local\{7397B21E-E552-43DF-8A39-EABEA8BFC2FC}
2013-01-03 02:58:41 -------- d-----w- C:\Users\jennifer\AppData\Local\{675CED9F-B8F0-4DF6-A418-069A0BD2B6FF}
2013-01-02 14:58:06 -------- d-----w- C:\Users\jennifer\AppData\Local\{C9334A27-1D71-4144-8FF5-8608A1C6DB4E}
2013-01-02 02:57:44 -------- d-----w- C:\Users\jennifer\AppData\Local\{5BE4F006-71D0-4118-A425-5B864AAD661B}
2013-01-01 14:57:33 -------- d-----w- C:\Users\jennifer\AppData\Local\{4320B049-E7CC-4C78-ACF9-B65C6E74D2FC}
2013-01-01 01:03:18 -------- d-----w- C:\Users\jennifer\AppData\Local\{BA29DD98-760B-4176-9708-77D6AC675E33}
2012-12-31 13:03:07 -------- d-----w- C:\Users\jennifer\AppData\Local\{CD461BA6-D96B-41AF-B3A4-BCF5889B8864}
2012-12-30 16:40:49 -------- d-----w- C:\Users\jennifer\AppData\Local\{C5698774-52EC-4143-9832-27A60E93ADB1}
2012-12-30 04:40:34 -------- d-----w- C:\Users\jennifer\AppData\Local\{B594A0C8-1FFA-4EA7-BFED-1D7BF51EC007}
2012-12-29 15:15:41 -------- d-----w- C:\Users\jennifer\AppData\Local\{CB149706-632D-4CFA-8C51-64A0538CD393}
2012-12-29 03:15:19 -------- d-----w- C:\Users\jennifer\AppData\Local\{3681B97E-3F8C-4944-BEEB-A7C55D5B7AF6}
2012-12-28 15:15:08 -------- d-----w- C:\Users\jennifer\AppData\Local\{1488D0EF-49D5-4D02-8A0A-A0B4DA4AEDF1}
2012-12-28 15:11:49 -------- d-----w- C:\Users\jennifer\AppData\Local\{EF366975-11C9-48ED-9443-C940DEDEEE61}
2012-12-28 15:08:26 -------- d-----w- C:\Users\jennifer\AppData\Local\{118D74A8-B765-43D4-BEEF-3B82443C76A6}
2012-12-27 20:31:46 -------- d-----w- C:\Users\jennifer\AppData\Local\{BA6DFB9E-8BCD-4DC8-89C7-A6D01500CDC4}
2012-12-27 08:17:09 -------- d-----w- C:\Users\jennifer\AppData\Local\{6998DFD4-77F2-4910-B870-72B13BFFC755}
2012-12-26 20:16:47 -------- d-----w- C:\Users\jennifer\AppData\Local\{B90BCB1B-C2B1-4CBA-AA20-6A2AB07B00B9}
2012-12-26 08:16:24 -------- d-----w- C:\Users\jennifer\AppData\Local\{48B30C69-F0EC-4B12-9B6A-120981591FAB}
2012-12-25 20:16:02 -------- d-----w- C:\Users\jennifer\AppData\Local\{29A4CF81-0F71-4314-92BD-72DD384F6B06}
2012-12-25 08:15:51 -------- d-----w- C:\Users\jennifer\AppData\Local\{84EEAE94-3CCD-45D0-A96F-6DF8C34BFC53}
2012-12-24 15:58:19 -------- d-----w- C:\Users\jennifer\AppData\Local\{EBB6EF5D-994C-4E09-BEA8-B42DA8F7BA2A}
2012-12-24 03:58:08 -------- d-----w- C:\Users\jennifer\AppData\Local\{8AEA70F3-0ECC-40CF-83DA-B5E578D721B3}
2012-12-23 12:51:39 -------- d-----w- C:\Users\jennifer\AppData\Local\{09E49B87-D0D2-4793-9F42-CCB10E689F5A}
2012-12-23 00:51:29 -------- d-----w- C:\Users\jennifer\AppData\Local\{9BB3DBFA-83D8-4C8F-8CAC-BC36C8A7972C}
2012-12-22 08:42:04 -------- d-----w- C:\Users\jennifer\AppData\Local\{CCCEF9F7-0F45-4D2D-A6D9-8745EDE8331B}
.
==================== Find3M ====================
.
2013-01-09 01:37:51 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:37:51 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-21 08:57:50 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-21 08:57:50 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-21 08:57:50 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-18 08:48:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-11-18 08:48:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2006-05-03 17:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 18:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 20:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 05:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 1:30:03.22 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/01/2011 4:42:38 PM
System Uptime: 20/01/2013 3:11:01 PM (10 hours ago)
.
Motherboard: Acer | | Aspire X3400
Processor: AMD Athlon(tm) II X3 445 Processor | CPU 1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 794.603 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&47E29E2&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&47E29E2&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP267: 11/01/2013 1:07:46 AM - Installed QuickTime
RP268: 11/01/2013 3:00:16 AM - Windows Update
RP269: 15/01/2013 5:21:26 PM - Windows Update
RP270: 18/01/2013 8:41:52 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
18 Wheels of Steel - American Long Haul
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader XI (11.0.01)
Adobe Setup
Adobe Shockwave Player 11.6
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced SystemCare 4
Advertising Center
Agatha Christie - Death on the Nile
AHV content for Acrobat and Flash
Akamai NetSession Interface
Akamai NetSession Interface Service
Any Video Converter Professional 3.3.2
Apple Application Support
Apple Software Update
AVG 2013
Babylon
Bamboo
Bamboo Dock
Bejeweled 2 Deluxe
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Blackhawk Striker 2
Build-a-lot 2
Chuzzle Deluxe
CutePDF Writer 2.8
D3DX10
Diner Dash 2 Restaurant Rescue
DivX Setup
Dora's Carnival Adventure
DragonNest
Dream Video Converter Ultimate 4.3.8
Dropbox
eBay Worldwide
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
Facebook Messenger 2.1.4651.0
FATE
FILSHtray
FireArc Arcade
Google Chrome
Google Drive
Google Update Helper
HandBrake 0.9.5
Hotkey Utility
Identity Card
ImagXpress
IObit Malware Fighter
IObit Toolbar v6.6
IZArc 4.1.2
Java 7 Update 10
Java Auto Updater
Java(TM) 6 Update 29
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
MapleStory
McAfee SiteAdvisor
MediaShow Espresso
Messenger Companion
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MKV Converter Studio V2.0.2
Mozilla Firefox 18.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Nexon Game Manager
Norton Online Backup
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
PaintTool SAI Ver.1
Pando Media Booster
PDF Settings
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shredder
Skype Toolbars
Skype™ 6.0
Smart Defrag 2
Solid YouTube Downloader and Converter DB Toolbar
Spybot - Search & Destroy
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Pro 11.0
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.5
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinX Video Converter 4.5.11
Wondershare Photo Recovery (build 3.0.3)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
21/01/2013 12:11:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
20/01/2013 4:55:58 AM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18/01/2013 8:30:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
18/01/2013 8:30:16 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
16/01/2013 7:59:00 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================


3. GMER

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-21 03:13:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 WDC_WD10 rev.80.0 931.51GB
Running: t423tk5j.exe; Driver: C:\Users\jennifer\AppData\Local\Temp\awddrkog.sys


---- User code sections - GMER 2.0 ----

.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
? C:\Windows\system32\mssprxy.dll [4680] entry point in ".rdata" section 000000006f6a71e6
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe [2244] 0000000072300000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2432] 000007fef9c10000
Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2912] 000007fefb100000
Library ? (*** suspicious ***) @ C:\Windows\System32\WUDFHost.exe [3916] 000007fef8640000
Library ? (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2952] 000007fefc4a0000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4884] 000007fefc060000

---- EOF - GMER 2.0 ----
Dokoni
Member with 6 posts.
THREAD STARTER
 
Join Date: Jan 2013
21-Jan-2013, 04:38 PM #2
Sorry I'm posting again so soon but I didn't describe the problem in enough detail. When I click on a Google link in Firefox, sometimes LiveSearchNow redirects me to a random page that is blank. And on Chrome some links I clicked on Google didn't load.
Dokoni
Member with 6 posts.
THREAD STARTER
 
Join Date: Jan 2013
24-Jan-2013, 07:33 PM #3
bump
askey127
Malware Removal Specialist with 1,868 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
27-Jan-2013, 08:23 AM #4
Hi Dokoni,
Quite a bit to do here in the beginning.
Please do each task in the sequence given. Just take one at a time.
Please don't perform any scans, install, or delete anything unless I ask, until we are finished cleaning.
-------------------------------------------------------------------
Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
Temporarily Disable Spybot's TeaTimer Protection
Start Spybot Search & Destroy
In the top menu, click Mode
Check Advanced Mode if it is not already checked. OK the selection if necessary.
In the bottom of the left pane, click on Tools
From the new left pane list, click on Resident
Uncheck the box in the middle labeled Resident "TeaTimer"(Protection of overall system settings) active.
From the top menu, click on File, Exit.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop, and make sure you can find it, but don't run it yet.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Advanced SystemCare 4
AVG 2013
Babylon
IObit Malware Fighter
IObit Toolbar v6.6
Java 7 Update 10
Java Auto Updater
Java(TM) 6 Update 29
Pando Media Booster
Smart Defrag 2
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49

Please do all these Uninstalls, and DO NOT surf the Internet in between.
Rebooting in between removals is OK if necessary.
You may get antivirus warnings from Windows. Just ignore. We will fix that.
Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer on your desktop.
Let it install, update itself, run a scan and delete anything it finds.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
Dokoni
Member with 6 posts.
THREAD STARTER
 
Join Date: Jan 2013
28-Jan-2013, 03:50 PM #5
It won't scan with OTL. It freezes at scanning Firefox settings. And the only thing I had open was sticky notes which I can't close.
Also I stopped getting redirected these past couple of days for some reason. But my internet is a bit slow. I believe LiveSearchNow is still on my computer though.
askey127
Malware Removal Specialist with 1,868 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
28-Jan-2013, 04:34 PM #6
Dokoni,
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download as zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or an infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Quote:
    DISABLE MICROSOFT SECURITY ESSENTIALS
    Right click the green MS Security Essentials "town hall" icon in the lower right System tray, and click "Open".
    Click the "Settings" tab and in the left pane, then Click "Real Time Protection"
    In The Main Window UNCHECK the box for "Turn on real time protection(Recommended)"
    Then click "Save Changes".
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • It will run through about 50 tasks, and take a while to assemble the report.
    When finished, the report will open. Post the log in your next reply, and then Reenable the real time protection in the Microsoft Security Essentials software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

So we are looking for the logs from CKScanner and Combofix.
askey127
Dokoni
Member with 6 posts.
THREAD STARTER
 
Join Date: Jan 2013
29-Jan-2013, 07:28 PM #7
Do I google search another download link for ComboFix? The one you gave me doesn't work.

CKScanner log:

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.CRAPTC
----- EOF -----
askey127
Malware Removal Specialist with 1,868 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
30-Jan-2013, 07:03 AM #8
Dokoni,
OK. That Combofix site is not working for me either.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are different versions with different names. If one of them won't run, then download and try to run one of the other ones.
After the download, Vista and Win7 users will need to right click the icon and choose Run as Administrator. XP Users can just double-click.
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools. Either ignore the warnings or shut down your antivirus.
Please download Rkill from one of the following links (note the different names) and save to your Desktop:
iExplore.exe
Rkill.exe
eXplorer.exe
RKill.com
RKill.scr
Rkill.pif
uSeRiNiT.exe
  • Double-click on the iExplore, Rkill, eXplorer, or uSeRiNiT desktop icon to run the tool. (If using Vista or Windows 7 right-click on it and choose Run As Administrator).
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. You can go to the next step below.
  • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
-------------------------------------------------------------
AdwCleaner Download
Please download AdwCleaner from HERE and save it to your desktop or somewhere you can find it.
-------------------------------------------------------------
AdwCleaner Scan
  • Close all open programs and internet browsers.
  • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
  • Click on the Search button.
  • When the results log pops up, please copy and paste the contents in your reply.
The log file is saved in the C: drive main directory with this filepath: C:\AdwCleaner[R1].txt. (x in the filename represents the run number)
When you close/exit adwCleaner, if you get a message about not performing any Deletions, that's OK. We need to evaluate the scan log first.

So we are looking for the logs from RogueKiller and adwCleaner.
askey127

Last edited by askey127; 30-Jan-2013 at 07:17 AM.
Dokoni
Member with 6 posts.
THREAD STARTER
 
Join Date: Jan 2013
31-Jan-2013, 08:42 PM #9
Rogue Killer log:

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jennifer [Admin rights]
Mode : Scan -- Date : 01/31/2013 20:34:43
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] FacebookMessenger.exe -- C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : JP595IR86O (C:\Users\jennifer\AppData\Local\Temp\Dxp.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2206683441-4128516360-3638181318-1000[...]\Run : JP595IR86O (C:\Users\jennifer\AppData\Local\Temp\Dxp.exe) -> FOUND
[TASK][SUSP PATH] {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job : C:\Users\jennifer\AppData\Local\Temp\Dxr.exe -> FOUND
[TASK][SUSP PATH] {62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job : C:\Windows\Dbejua.exe -> FOUND
[TASK][SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\Users\jennifer\AppData\Local\Temp\Dxp.exe -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[STARTUP][SUSP PATH] Facebook Messenger.lnk @jennifer : C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 EARS-22Y5B1 SCSI Disk Device +++++
--- User ---
[MBR] 6878e0928dc890a1839f29b93865b899
[BSP] 9ecc7c73e0c59a98c85ff7b4d12c2dd1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 36866048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37070848 | Size: 935767 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01312013_02d2034.txt >>
RKreport[1]_S_01312013_02d2034.txt


adwCleaner log:

# AdwCleaner v2.109 - Logfile created 01/31/2013 at 20:38:08
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : jennifer - JENNIFER-PC
# Boot Mode : Normal
# Running from : C:\Users\jennifer\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Users\jennifer\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\jennifer\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\jennifer\AppData\LocalLow\Toolbar4

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/home?AF=100581
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/home?AF=100581&babsrc=NT_def
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/solidyoutube/{0AC7AD17-6B08-4F56-B940-63F69EF2A86E}

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\r8n8vqg9.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/home?AF=100581");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100581");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "3c11370f00000000000000262d4f2404");
Found : user_pref("extensions.BabylonToolbar_i.id", "3c11370f00000000000000262d4f2404");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15336");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100581&babsrc=NT_d[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:19:12");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"7\": {\"id\": \"7\",\"title[...]
Found : user_pref("extensions.ntk.recentClosedPers", "hxxp://www.babylon.com/redirects/redir.cgi?type=postun[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\jennifer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11064 octets] - [31/01/2013 20:38:08]

########## EOF - C:\AdwCleaner[R1].txt - [11125 octets] ##########
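
Added example, not part of the original thread and not code from RogueKiller or its author: a Python triage of the `[RUN]` and `[TASK]` lines in the RogueKiller report above, grouping autostart entries by the executable they launch so that a binary with more than one persistence point stands out. The line layout is inferred from the posted report, and treating `HKUS\<SID>` as the same per-user hive that `HKCU` exposes is an assumption; the function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

# Entries copied from the RogueKiller report posted in the thread.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : JP595IR86O (C:\Users\jennifer\AppData\Local\Temp\Dxp.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2206683441-4128516360-3638181318-1000[...]\Run : JP595IR86O (C:\Users\jennifer\AppData\Local\Temp\Dxp.exe) -> FOUND
[TASK][SUSP PATH] {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job : C:\Users\jennifer\AppData\Local\Temp\Dxr.exe -> FOUND
[TASK][SUSP PATH] {62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job : C:\Windows\Dbejua.exe -> FOUND
[TASK][SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\Users\jennifer\AppData\Local\Temp\Dxp.exe -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

Entry = namedtuple("Entry", "kind flags location name target status")

# "[TAG][TAG] <location> : <value> -> <STATUS>" (layout inferred from the report)
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s+:\s+(.*)\s+->\s+(\w+)")
# First Windows path in the value that ends in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|pif|bat|cmd)\b", re.I)


def parse_entries(report):
    """Turn report lines into Entry tuples; lines that do not fit are skipped."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        location, value, status = m.group(2), m.group(3), m.group(4)
        path = PATH_RE.search(value)
        if tags[0] == "TASK":
            name = location                    # the .job file is the identifier
        else:
            name = value.split(" (", 1)[0]     # value name precedes "(path)"
        entries.append(Entry(tags[0], tags[1:], location, name,
                             path.group(0) if path else None, status))
    return entries


def persistence_by_target(entries):
    """Map each launched executable to its distinct autostart mechanisms.

    HKCU and HKUS\\<SID> Run values with the same name collapse to one
    mechanism (assumed to be two views of the same registry value).
    """
    groups = defaultdict(set)
    for e in entries:
        if e.target is None or e.status != "FOUND":
            continue
        groups[e.target.lower()].add((e.kind, e.name))
    return {target: sorted(mechs) for target, mechs in groups.items()}


def classify(path):
    """Coarse label for where the launched file lives."""
    p = path.lower()
    parent = p.rsplit("\\", 1)[0]
    if "\\appdata\\local\\temp\\" in p:
        return "user Temp"
    if re.fullmatch(r"[a-z]:\\windows", parent):
        return "Windows root"
    return "other"


if __name__ == "__main__":
    for target, mechs in persistence_by_target(parse_entries(SAMPLE_REPORT)).items():
        note = "  <-- more than one autostart" if len(mechs) > 1 else ""
        print(f"{classify(target):12} {target}{note}")
        for kind, name in mechs:
            print(f"    {kind:5} {name}")
```

On the posted report this shows `Dxp.exe` launched by both a Run value and a scheduled task, so clearing only one of the two would leave the other in place.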
askey127
Malware Removal Specialist with 1,868 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
01-Feb-2013, 09:31 AM #10
Dokoni,
Combofix was off the air for a while. Should be OK now.
-------------------------------------------------------------
AdwCleaner Removals
  • Close all open programs and internet browsers.
  • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
  • This time, click on the Delete button.
  • Click OK to the prompts.
  • Your computer will be rebooted automatically. A log will open after the restart.
  • Post the contents of the log in your next reply.
You can also find the log in the main directory of the C: drive as C:\AdwCleaner[S1].txt
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download as zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or an infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Quote:
    DISABLE MICROSOFT SECURITY ESSENTIALS
    Right click the green MS Security Essentials "town hall" icon in the lower right System tray, and click "Open".
    Click the "Settings" tab and in the left pane, then Click "Real Time Protection"
    In The Main Window UNCHECK the box for "Turn on real time protection(Recommended)"
    Then click "Save Changes".
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • It will run through about 50 tasks, and take a while to assemble the report.
    When finished, the report will open. Post the log in your next reply, and then Reenable your protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127