Solved: Oh, help, PLEASE!


RapunzlA51 (thread starter)
20-Jul-2013, 02:38 PM #1
Oh, help, PLEASE!
OK. I did everything in the "click here to read this first", copied and pasted and all that, and when I tried to post it I got a blank white screen with "retry" as part of the URL in the window so I'm guessing it didn't go. I didn't, however, do the TSG SysInfo first. (Sorry). So here is that.
To summarize what I tried to explain in more detail in first attempt. I've got "about blank" and I've got Tuvaro and who knows what else. Whenever I click a link, I get a second window trying to open and a message saying that Firefox has blocked access to someplace I never tried to go.
Firefox frequently crashes.
Sometimes things just get really slow and I can't reposition my window and can't scroll (especially in Facebook).
While typing this my computer just went completely haywire ... blue and grey static - hubby said it looked like The Matrix going by.
Thanks in advance for any help! Please direct when I should attempt to send the logs.
Sharon
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 6004 Mb
Graphics Card: ATI Mobility Radeon HD 5470, 1024 Mb
Hard Drives: C: Total - 595377 MB, Free - 435446 MB;
Motherboard: Dell Inc., 0PJTXT
Antivirus: Norton Security Suite, Updated and Enabled
RapunzlA51 (thread starter)
23-Jul-2013, 08:30 PM #2
Please help removing Tuvaro, About Blank, unknown others
I know that I have been infected with about.blank and Tuvaro, I don't know what else.

When going from one website to another, I frequently get a message saying that Firefox has blocked redirecting to another site. Often what shows in the taskbar is "lnksrv" with other letters or numbers after it. Firefox also freezes and/or refuses to scroll and crashes.

Words on websites/pages have double underlines. Hovering over shows a window with info from TUVARO.

I posted on Saturday and have had 92 views but it's been 4 full days with no replies.

The first time I tried to post, with my logs copied into the post, I got an error message but will try that again.

Thank you in advance for help! Here are logs as directed in "read this first"

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:29 PM, on 7/20/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\Sharon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=APN10740&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^YY^US&p2=^ATQ^YYYYYY^YY^US&tpid=ASI2-V6&apn_dbr=ff_19.0&apn_uid=6927DF48-6665-4D7A-9CE8-A40337D8DE10&itbv=11.7.1.31&doi=2013-03-25
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SBF1F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Dropbox.lnk = Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Launch Utility Application.lnk = Sharon\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Secure Backup and Share Status.lnk = C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games...ploader_v6.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Secure Backup and Share - C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19044 bytes

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Sharon at 13:21:50 on 2013-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6005.3842 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?l=dis&o=APN10740&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^YY^US&p2=^ATQ^YYYYYY^YY^US&tpid=ASI2-V6&apn_dbr=ff_19.0&apn_uid=6927DF48-6665-4D7A-9CE8-A40337D8DE10&itbv=11.7.1.31&doi=2013-03-25
uDefault_Page_URL = g.msn.com/USCON/1
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ Dropbox.lnk - C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ LAUNCH~1.LNK - C:\Users\Sharon\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECURE~1.LNK - C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{D0DF0889-F229-4BA6-8B74-8C2511F3BE91} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{D0DF0889-F229-4BA6-8B74-8C2511F3BE91}\34F4D4 : DHCPNameServer = 10.10.107.2
TCP: Interfaces\{D0DF0889-F229-4BA6-8B74-8C2511F3BE91}\441646469737F5E4564777F627B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D0DF0889-F229-4BA6-8B74-8C2511F3BE91}\65562796A7F6E6024425F49444022514A5250284440253537333 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{D0DF0889-F229-4BA6-8B74-8C2511F3BE91}\C45616368602C49626271627970275962756C6563737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D0DF0889-F229-4BA6-8B74-8C2511F3BE91}\C696E6B6379737 : DHCPNameServer = 68.87.71.230 68.87.73.246
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\mwkpewb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Sharon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-28 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-16 1139800]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-1-21 49240]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;C:\Windows\System32\drivers\ComcastSecureBackupShare.sys [2012-9-5 66552]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSviA64.sys [2013-7-20 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-16 433752]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-2 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-2 202752]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2011-12-15 16104]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-9-8 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-9-8 128512]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-5-8 56872]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-2 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-2 2533400]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-12-2 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-12-2 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-12-2 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-2 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-25 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-2 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-2 151936]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-1-21 25784]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-12-2 74280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-2 245792]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-14 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-16 14:42:00 796760 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
2013-07-16 14:42:00 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
2013-07-16 14:42:00 433752 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys
2013-07-16 14:42:00 36952 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtspx64.sys
2013-07-16 14:42:00 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\symelam.sys
2013-07-16 14:42:00 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys
2013-07-16 14:42:00 169048 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys
2013-07-16 14:42:00 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
2013-07-16 14:41:39 -------- d-----w- C:\Windows\System32\drivers\N360x64\1404000.028
2013-07-10 11:42:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 11:41:55 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 11:41:55 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-07 15:14:47 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-07 15:14:42 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-07 15:13:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-04 18:32:16 -------- d-----w- C:\Program Files (x86)\The Weather Channel
2013-07-02 22:28:57 -------- d-----w- C:\N360_BACKUP
2013-07-01 15:23:01 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-06-21 01:57:11 -------- d-----w- C:\Users\Sharon\AppData\Local\{83B4C1F4-2D23-46BB-815B-CD01FF1A76E6}
.
==================== Find3M ====================
.
2013-07-16 14:42:05 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-07 15:14:33 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-07 15:13:07 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-07 15:13:06 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-13 03:27:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 03:27:05 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-21 19:35:02 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 13:22:36.49 ===============

GMER arc
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-20 13:36:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964032 rev.0001 596.17GB
Running: rud5e75k.exe; Driver: C:\Users\Sharon\AppData\Local\Temp\uxdiqpob.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000f3e00 7 bytes [00, A3, F3, FF, 01, AF, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000f3e08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007704086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077040884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077040dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077041bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077041d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007693524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769353d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076935677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076935679 5 bytes {JMP 0xffffffff8995a9d1}
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007693589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076935a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076935c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076935d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076937240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075fd1492 7 bytes JMP 00000001002904bc
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 000000010008091c
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 0000000100080048
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001000802ee
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001000804b2
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001000809fe
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 0000000100080ae0
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 000000010008012a
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007704086c 5 bytes JMP 0000000100080758
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077040884 5 bytes JMP 0000000100080676
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077040dd4 5 bytes JMP 00000001000803d0
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041900 5 bytes JMP 0000000100080594
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077041bc4 5 bytes JMP 000000010008083a
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077041d50 5 bytes JMP 000000010008020c
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075fd1492 7 bytes JMP 000000010009059e
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007693524f 7 bytes JMP 0000000100080f52
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769353d0 7 bytes JMP 0000000100090210
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076935677 1 byte JMP 0000000100090048
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076935679 5 bytes {JMP 0xffffffff8975a9d1}
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007693589a 7 bytes JMP 0000000100080ca6
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076935a1d 7 bytes JMP 00000001000903d8
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076935c9b 7 bytes JMP 000000010009012c
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076935d87 7 bytes JMP 00000001000902f4
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076937240 7 bytes JMP 0000000100080e6e
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2860] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 00000001003c091c
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2860] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 00000001003c0048
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2860] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001003c02ee
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2860] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001003c04b2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2860] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001003c09fe
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2860] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 00000001003c0ae0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2860] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010036004c
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2860] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 00000001003c012a
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4956] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076935a1d 7 bytes JMP 00000001002503d8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4956] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076935c9b 7 bytes JMP 000000010025012c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4956] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076935d87 7 bytes JMP 00000001002502f4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4956] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076937240 7 bytes JMP 0000000100240e6e
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 00000001001a091c
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 00000001001a0048
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001001a02ee
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001001a04b2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001001a09fe
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 00000001001a0ae0
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010003004c
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 00000001001a012a
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007704086c 5 bytes JMP 00000001001a0758
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077040884 5 bytes JMP 00000001001a0676
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077040dd4 5 bytes JMP 00000001001a03d0
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041900 5 bytes JMP 00000001001a0594
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077041bc4 5 bytes JMP 00000001001a083a
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077041d50 5 bytes JMP 00000001001a020c
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075fd1492 7 bytes JMP 00000001001b059e
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007693524f 7 bytes JMP 00000001001a0f52
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769353d0 7 bytes JMP 00000001001b0210
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076935677 1 byte JMP 00000001001b0048
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076935679 5 bytes {JMP 0xffffffff8987a9d1}
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007693589a 7 bytes JMP 00000001001a0ca6
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076935a1d 7 bytes JMP 00000001001b03d8
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076935c9b 7 bytes JMP 00000001001b012c
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076935d87 7 bytes JMP 00000001001b02f4
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076937240 7 bytes JMP 00000001001a0e6e
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010003004c
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007704086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077040884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077040dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077041bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077041d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[5032] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000762c87b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 000000010030091c
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 0000000100300048
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001003002ee
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001003004b2
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001003009fe
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 0000000100300ae0
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010002004c
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 000000010030012a
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007704086c 5 bytes JMP 0000000100300758
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077040884 5 bytes JMP 0000000100300676
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077040dd4 5 bytes JMP 00000001003003d0
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041900 5 bytes JMP 0000000100300594
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077041bc4 5 bytes JMP 000000010030083a
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077041d50 5 bytes JMP 000000010030020c
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075fd1492 7 bytes JMP 00000001003104bc
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007693524f 7 bytes JMP 0000000100300f52
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769353d0 7 bytes JMP 0000000100310210
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076935677 1 byte JMP 0000000100310048
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076935679 5 bytes {JMP 0xffffffff899da9d1}
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007693589a 7 bytes JMP 0000000100300ca6
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076935a1d 7 bytes JMP 00000001003103d8
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076935c9b 7 bytes JMP 000000010031012c
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076935d87 7 bytes JMP 00000001003102f4
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076937240 7 bytes JMP 0000000100300e6e
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe[972] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075f878e2 6 bytes [68, 80, 34, 92, 74, C3]
.text C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe[972] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075f87bd3 6 bytes [68, E0, 33, 92, 74, C3]
.text C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe[972] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075f905ba 6 bytes [68, D0, 35, 92, 74, C3]
.text C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe[972] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075f95f74 6 bytes [68, 20, 35, 92, 74, C3]
.text C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe[972] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000075fa50ed 6 bytes [68, E0, 32, 92, 74, C3]
.text C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe[972] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000075fac701 6 bytes [68, 60, 33, 92, 74, C3]
.text C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe[972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe[972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007704086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077040884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077040dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077041bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077041d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007693524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769353d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076935677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076935679 5 bytes {JMP 0xffffffff8995a9d1}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007693589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076935a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076935c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076935d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076937240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075fd1492 7 bytes JMP 00000001002904bc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 000000010026091c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 0000000100260048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001002602ee
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001002604b2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001002609fe
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 0000000100260ae0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010024004c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 000000010026012a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007704086c 5 bytes JMP 0000000100260758
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077040884 5 bytes JMP 0000000100260676
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077040dd4 5 bytes JMP 00000001002603d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041900 5 bytes JMP 0000000100260594
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077041bc4 5 bytes JMP 000000010026083a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077041d50 5 bytes JMP 000000010026020c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007693524f 7 bytes JMP 0000000100260f52
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769353d0 7 bytes JMP 0000000100270210
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076935677 1 byte JMP 0000000100270048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076935679 5 bytes {JMP 0xffffffff8993a9d1}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007693589a 7 bytes JMP 0000000100260ca6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076935a1d 7 bytes JMP 00000001002703d8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076935c9b 7 bytes JMP 000000010027012c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076935d87 7 bytes JMP 00000001002702f4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076937240 7 bytes JMP 0000000100260e6e
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075fd1492 7 bytes JMP 000000010027059e
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 00000001000e091c
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 00000001000e0048
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001000e02ee
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001000e04b2
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001000e09fe
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 00000001000e0ae0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007704077c 5 bytes JMP 00000001000e012a
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007704086c 5 bytes JMP 00000001000e0758
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077040884 5 bytes JMP 00000001000e0676
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077040dd4 5 bytes JMP 00000001000e03d0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077041900 5 bytes JMP 00000001000e0594
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077041bc4 5 bytes JMP 00000001000e083a
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5872] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077041d50 5 bytes JMP 00000001000e020c
.text C:\Windows\SysWOW64\NOTEPAD.EXE[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c91465 2 bytes [C9, 74]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c914bb 2 bytes [C9, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[7952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007703fc90 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[7952] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007703fdf4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[7952] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007703fe88 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[7952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007703ffe4 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[7952] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077040018 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[7952] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077040048 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[7952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077040064 5 bytes JMP 000000010002004c

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\ntdll.dll [1988:1992] 0000000000f71c24
Thread C:\Windows\SysWOW64\ntdll.dll [1988:5688] 000000005997e54e
Thread C:\Windows\SysWOW64\ntdll.dll [1988:6636] 000000005761319b
Thread C:\Windows\SysWOW64\ntdll.dll [1988:6948] 0000000057aceec8
Thread C:\Windows\SysWOW64\ntdll.dll [1988:6960] 0000000057aceec8
Thread C:\Windows\SysWOW64\ntdll.dll [1988:6964] 0000000057aceec8
Thread C:\Windows\SysWOW64\ntdll.dll [1988:3064] 000000006f051854
Thread C:\Windows\SysWOW64\ntdll.dll [1988:2060] 0000000056357019

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38b9c48f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38b9c48f (not active ControlSet)

---- EOF - GMER 2.1 ----
RapunzlA51
THREAD STARTER
23-Jul-2013, 08:38 PM #3
Not solved, but overlooked for 4 days so I have started a new one with more info. I would remove/delete this one but can't figure out how.
valis
Moderator with 63,275 posts.
 
Join Date: Sep 2004
Location: as above
23-Jul-2013, 08:44 PM #4
actually, just type 'bump' in the quick reply as I am doing here.......that will move it to the top...it's best to do that every 2 days, as malware experts are in short supply, but malware certainly is not......

thanks,

v
valis
23-Jul-2013, 08:51 PM #5
I've let the admins know, hopefully someone will be by shortly.......


thanks,

v
dvk01 (Derek) is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,300 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
24-Jul-2013, 03:09 AM #6
I can't find any other posts by you about this issue

first step, let's see what this finds that we can clean up

Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
RapunzlA51
THREAD STARTER
29-Jul-2013, 12:38 PM #7
When I click to download, Firefox wants to block it and if I allow it, it's one of those things that wants to make ASK my default search engine and install the Ask toolbar. I know I can deselect that, but how do I know that this program that you recommend isn't going to cause MORE problems?
RapunzlA51
THREAD STARTER
29-Jul-2013, 12:39 PM #8
thank you, valis
RapunzlA51
THREAD STARTER
01-Aug-2013, 03:42 PM #9
BUMP
Is that recommended program safe to download? It wants to make changes to my computer and add ASK toolbar and such (which I can opt to not allow). I will download if you confirm that it won't cause its own issues?
Thanks
Sharon
dvk01 (Derek)
01-Aug-2013, 03:48 PM #10
adwcleaner never wants to install ask toolbar or any other toolbar. It removes all the toolbars, not adds them
are you sure you are downloading the right program?

I think you are hitting a misleading google advert on the page rather than the proper download link

you want one of the blue download links that I have circled in a red pen in the attached screenshot
RapunzlA51
THREAD STARTER
05-Aug-2013, 10:12 AM #11
Thanks - will try again!
Sharon
RapunzlA51
THREAD STARTER
05-Aug-2013, 10:18 AM #12
OK - here it is.

# AdwCleaner v2.306 - Logfile created 08/05/2013 at 10:15:01
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sharon - SHARON-PC
# Boot Mode : Normal
# Running from : C:\Users\Sharon\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\mwkpewb9.default\searchplugins\ask-search.xml
Folder Found : C:\Program Files (x86)\xfin_portal
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Sharon\AppData\LocalLow\xfin_portal
Folder Found : C:\Users\Sharon\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.search.ask.com/?l=dis&o=APN10740&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^YY^US&p2=^ATQ^YYYYYY^YY^US&tpid=ASI2-V6&apn_dbr=ff_19.0&apn_uid=6927DF48-6665-4D7A-9CE8-A40337D8DE10&itbv=11.7.1.31&doi=2013-03-25

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\mwkpewb9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6549 octets] - [05/08/2013 10:15:01]

########## EOF - C:\AdwCleaner[R1].txt - [6609 octets] ##########
dvk01 (Derek)
05-Aug-2013, 11:06 AM #13
Please run AdwCleaner again. This time press delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

tell us what problems you are still having
RapunzlA51
THREAD STARTER
05-Aug-2013, 12:41 PM #14
Here is the new log.

# AdwCleaner v2.306 - Logfile created 08/05/2013 at 12:33:25
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sharon - SHARON-PC
# Boot Mode : Normal
# Running from : C:\Users\Sharon\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\mwkpewb9.default\searchplugins\ask-search.xml
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Sharon\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Sharon\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.search.ask.com/?l=dis&o=APN10740&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^YY^US&p2=^ATQ^YYYYYY^YY^US&tpid=ASI2-V6&apn_dbr=ff_19.0&apn_uid=6927DF48-6665-4D7A-9CE8-A40337D8DE10&itbv=11.7.1.31&doi=2013-03-25 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\mwkpewb9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6666 octets] - [05/08/2013 10:15:01]
AdwCleaner[S1].txt - [6766 octets] - [05/08/2013 12:33:25]

########## EOF - C:\AdwCleaner[S1].txt - [6826 octets] ##########
RapunzlA51
THREAD STARTER
05-Aug-2013, 12:49 PM #15
Solved?
I must say at this point that I see no double underlined words and so far my computer has not tried to redirect to a "lnksrv" page/window. Not sure if we're ALL good yet, but I'm hopeful and know you'll tell me if you see anything else there. Thank you so much!