ad.xtendmedia and other annoyances

Discussion in 'Virus & Other Malware Removal' started by ridingghost, Feb 6, 2013.

  1. ridingghost (Thread Starter)

    Hello.. I am getting popups from ad.xtendmedia in the lower left hand of the screen, redirects, Chitika popups on the right that come right back after I turn them off, and another popup resembling a Facebook message that will have either text from something I searched for or random bits of text from the page I am on.. Help, please? :)..
    NOTE: When I ran HijackThis, it told me there was an issue with the hosts file and to rename it, but the computer told me that I could not edit the file since I didn't have admin access (I'm the only one using the computer..). Thanks in advance for help,
    Roger


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:05:37 PM, on 2/6/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files (x86)\birthday countdown\birthday countdown.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Users\Home\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 50.31.74.129 www.google-analytics.com.
    O1 - Hosts: 50.31.74.129 ad-emea.doubleclick.net.
    O1 - Hosts: 50.31.74.129 www.statcounter.com.
    O1 - Hosts: 217.23.13.202 www.google-analytics.com.
    O1 - Hosts: 217.23.13.202 ad-emea.doubleclick.net.
    O1 - Hosts: 217.23.13.202 www.statcounter.com.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
    O4 - Startup: Birthday Countdown.lnk = C:\Program Files (x86)\Birthday Countdown\Birthday Countdown.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.16\AMVConverter\grab.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11694 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by Home at 22:06:57 on 2013-02-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8105.4804 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files (x86)\birthday countdown\birthday countdown.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Dell Support Center\pcdrcui.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\Dell Support Center\pcdrrealtime.p5x
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BIRTHD~1.LNK - C:\Program Files (x86)\Birthday Countdown\Birthday Countdown.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.16\AMVConverter\grab.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 208.104.244.45 208.104.2.36 208.104.2.85 192.168.1.1
    TCP: Interfaces\{4D540941-C7E2-48D1-AF26-F4D35A2760BA} : DHCPNameServer = 208.104.244.45 208.104.2.36 208.104.2.85 192.168.1.1
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 50.31.74.129 www.google-analytics.com.
    Hosts: 50.31.74.129 ad-emea.doubleclick.net.
    Hosts: 50.31.74.129 www.statcounter.com.
    Hosts: 217.23.13.202 www.google-analytics.com.
    Hosts: 217.23.13.202 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\fitz2xrr.default-1357058957048\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Home\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
    FF - plugin: C:\Users\Home\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
    FF - plugin: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-01-01 12:35; [email protected]; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\fitz2xrr.default-1357058957048\extensions\[email protected]
    FF - ExtSQL: 2013-01-13 20:25; {34712C68-7391-4c47-94F3-8F88D49AD632}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: !HIDDEN! 2012-06-08 11:53; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-18 55856]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-18 1692480]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-18 317440]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-18 539240]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-14 1255736]
    S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-02-06 22:34:17 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E30B42C8-0A5E-45C7-8342-A76C30E137C9}\mpengine.dll
    2013-02-05 22:34:45 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-31 04:03:11 -------- d-----w- C:\Program Files\iPod
    2013-01-31 04:03:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-31 04:03:10 -------- d-----w- C:\Program Files\iTunes
    2013-01-31 04:03:10 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-01-23 18:24:46 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-16 15:46:21 -------- d-----w- C:\Users\Home\AppData\Roaming\com.toysrus.countdown
    2013-01-16 15:46:19 -------- d-----w- C:\Program Files (x86)\Birthday Countdown
    2013-01-14 01:25:56 -------- d-----w- C:\Users\Home\AppData\Roaming\RealNetworks
    2013-01-14 01:25:32 -------- d-----w- C:\Program Files (x86)\RealNetworks
    2013-01-14 01:25:25 -------- d-----w- C:\ProgramData\RealNetworks
    2013-01-14 01:25:03 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2013-01-14 01:24:40 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-01-14 01:24:40 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-01-09 21:45:42 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    .
    ==================== Find3M ====================
    .
    2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-23 18:24:35 859552 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-01-23 18:24:35 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 22:07:18.38 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 2/12/2012 6:05:07 PM
    System Uptime: 2/1/2013 5:22:33 PM (125 hours ago)
    .
    Motherboard: Dell Inc. | | 0GDG8Y
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 291.807 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 465.645 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is FIXED (FAT32) - 931 GiB total, 117.656 GiB free.
    J: is Removable
    Y: is FIXED (NTFS) - 15 GiB total, 5.824 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C6300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Multi-Card
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#
    Manufacturer: Generic-
    Name: KODAK
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP178: 1/23/2013 1:24:20 PM - Installed Java 7 Update 11
    RP179: 1/25/2013 1:45:12 PM - Windows Update
    RP180: 1/29/2013 1:44:13 PM - Windows Update
    RP181: 2/2/2013 5:34:34 PM - Windows Update
    RP182: 2/6/2013 5:33:59 PM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 50.31.74.129 www.google-analytics.com.
    Hosts: 50.31.74.129 ad-emea.doubleclick.net.
    Hosts: 50.31.74.129 www.statcounter.com.
    Hosts: 217.23.13.202 www.google-analytics.com.
    Hosts: 217.23.13.202 ad-emea.doubleclick.net.
    Hosts: 217.23.13.202 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    Awesome Duplicate Photo Finder v. 1.0.1
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blio
    Bonjour
    Bounce Symphony
    BufferChm
    Build-a-lot 2
    C6300
    Cake Mania
    Chuzzle Deluxe
    Coby Media Manager
    ComicRack v0.9.154
    Conexant HD Audio
    Cozi
    D3DX10
    DC Universe Online Live
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Home Systems Service Agreement
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell Stage Remote
    Dell Support Center
    Dell VideoStage
    Destinations
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    DocProc
    Dora's World Adventure
    eBay
    Escape Whisper Valley (TM)
    Farm Frenzy
    FATE
    FedEx Desktop
    ffdshow [rev 2527] [2008-12-19]
    Final Drive Fury
    Final Drive Nitro
    FLAC To MP3 V4.0.4
    Free WMA to MP3 Converter 1.16
    Geoffrey's Birthday Countdown
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    GPBaseService2
    Haali Media Splitter
    High-Definition Video Playback
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    Intel(R) Processor Graphics
    Internet TV for Windows Media Center
    iTunes
    Java 7 Update 11
    Java Auto Updater
    Jewel Quest
    Jewel Quest Solitaire 2
    Junk Mail filter update
    jZip
    K-Lite Codec Pack 7.0.0 (Standard)
    Luxor
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MP3 Player Utilities 4.16
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Little Pony Party Parade (remove only)
    Namco All-Stars PAC-MAN
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    Network64
    OCR Software by I.R.I.S. 13.0
    Penguins!
    Personal Ancestral File 5
    PhotoShowExpress
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Polaroid Dust and Scratch Removal v1.0.0.15.2e
    Princess_Snapshots
    PS_AIO_04_C6300_Software_Min
    RBVirtualFolder64Inst
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revo Uninstaller 1.94
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Samantha Swift
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype™ 5.10
    SmartWebPrinting
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Spybot - Search & Destroy
    Status
    SyncUP
    Toolbox
    TrayApp
    TrustedID
    Uninstall Dual Mode Camera (27290)
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2010 x64 Redistributables
    WebReg
    Wedding Dash - Ready, Aim, Love!
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/3/2013 4:04:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    2/3/2013 2:39:44 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR48.
    2/3/2013 2:37:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/3/2013 2:36:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    2/3/2013 2:02:02 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    2/1/2013 5:38:58 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
    2/1/2013 5:25:33 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
    2/1/2013 5:23:12 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805357.
    2/1/2013 5:23:10 PM, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
    .
    ==== End Of File ===========================


    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-06 22:16:04
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3500413AS rev.JC49 465.76GB
    Running: qy4gfy65.exe; Driver: C:\Users\Home\AppData\Local\Temp\pxldipow.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000749f1401 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000749f1419 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000749f1431 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000749f144a 2 bytes [9F, 74]
    .text ... * 9
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000749f14dd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000749f14f5 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000749f150d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000749f1525 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000749f153d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000749f1555 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000749f156d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000749f1585 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000749f159d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000749f15b5 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000749f15cd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000749f16b2 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000749f16bd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000749f1401 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000749f1419 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000749f1431 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000749f144a 2 bytes [9F, 74]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000749f14dd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000749f14f5 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000749f150d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000749f1525 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000749f153d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000749f1555 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000749f156d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000749f1585 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000749f159d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000749f15b5 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000749f15cd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000749f16b2 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000749f16bd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000749f1401 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000749f1419 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000749f1431 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000749f144a 2 bytes [9F, 74]
    .text ... * 9
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000749f14dd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000749f14f5 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000749f150d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000749f1525 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000749f153d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000749f1555 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000749f156d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000749f1585 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000749f159d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000749f15b5 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000749f15cd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000749f16b2 2 bytes [9F, 74]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000749f16bd 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000749f1401 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000749f1419 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000749f1431 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000749f144a 2 bytes [9F, 74]
    .text ... * 9
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000749f14dd 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000749f14f5 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000749f150d 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000749f1525 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000749f153d 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000749f1555 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000749f156d 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000749f1585 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000749f159d 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000749f15b5 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000749f15cd 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000749f16b2 2 bytes [9F, 74]
    .text c:\program files (x86)\birthday countdown\birthday countdown.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000749f16bd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000749f1401 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000749f1419 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000749f1431 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000749f144a 2 bytes [9F, 74]
    .text ... * 9
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000749f14dd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000749f14f5 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000749f150d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000749f1525 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000749f153d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000749f1555 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000749f156d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000749f1585 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000749f159d 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000749f15b5 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000749f15cd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000749f16b2 2 bytes [9F, 74]
    .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000749f16bd 2 bytes [9F, 74]
    .text C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe[19168] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000751e87b1 5 bytes [33, C0, C2, 04, 00]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000749f1401 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000749f1419 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000749f1431 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000749f144a 2 bytes [9F, 74]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000749f14dd 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000749f14f5 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000749f150d 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000749f1525 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000749f153d 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000749f1555 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000749f156d 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000749f1585 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000749f159d 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000749f15b5 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000749f15cd 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000749f16b2 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[20524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000749f16bd 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000771df991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 00000000771df99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 00000000771dfa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 00000000771dfa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 00000000771dfb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 00000000771dfb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000771dfbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 00000000771dfbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000771dfc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 00000000771dfc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000771dfc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 00000000771dfc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000771dfc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 00000000771dfc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000771dfc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 00000000771dfc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000771dfce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 00000000771dfcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000771dfcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 00000000771dfd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000771dfd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 00000000771dfd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 00000000771dfdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 00000000771dfdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000771dfe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 00000000771dfe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 00000000771dff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 00000000771dff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771e0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000771e00a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 00000000771e0781 8 bytes {MOV EDX, 0x90268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 00000000771e078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 00000000771e0ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 00000000771e1007 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 00000000771e105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 00000000771e1067 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771e10a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000771e10af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000771e111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000771e1127 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000771e1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000771e132b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000751e103d 5 bytes JMP 0000000100010030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000751e1072 5 bytes JMP 0000000100010070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000074ba119f 5 bytes JMP 0000000100020030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000074ba11cf 5 bytes JMP 0000000100020070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000074b04de0 5 bytes JMP 00000001001603b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000074b04f70 5 bytes JMP 00000001001605f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000074b051a2 5 bytes JMP 00000001001608f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000074b0522d 5 bytes JMP 0000000100160a30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000074b05689 5 bytes JMP 00000001001601b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000074b058b3 5 bytes JMP 0000000100160170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000074b06bad 5 bytes JMP 0000000100160370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000074b06e05 5 bytes JMP 0000000100160570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000074b06ead 5 bytes JMP 0000000100160530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000074b07180 5 bytes JMP 00000001001606b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000074b07435 5 bytes JMP 0000000100160770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000074b07bcc 5 bytes JMP 00000001001600b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000074b07dc4 5 bytes JMP 00000001001603f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000074b07fd5 5 bytes JMP 0000000100160d70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000074b082b2 5 bytes JMP 0000000100160e30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000074b08401 5 bytes JMP 00000001001609f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 0000000074b0879f 5 bytes JMP 00000001001602f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000074b08916 5 bytes JMP 00000001001605b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000074b08b7a 5 bytes JMP 0000000100160970
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000074b08ee6 5 bytes JMP 0000000100160470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000074b09875 5 bytes JMP 0000000100160c70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000074b09936 5 bytes JMP 0000000100160d30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!Rectangle 0000000074b0a53a 5 bytes JMP 00000001001609b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000074b0af9f 5 bytes JMP 0000000100160330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!LineTo 0000000074b0b9e5 5 bytes JMP 0000000100160430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SetICMMode 0000000074b0bd55 5 bytes JMP 0000000100160db0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!CreateICW 0000000074b0c040 5 bytes JMP 0000000100160130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 0000000074b0c107 5 bytes JMP 0000000100160670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 0000000074b0c269 5 bytes JMP 00000001001606f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 0000000074b0d1f1 5 bytes JMP 0000000100160df0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 0000000074b0d349 5 bytes JMP 0000000100160630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 0000000074b0dce4 5 bytes JMP 0000000100160930
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000074b0e743 5 bytes JMP 00000001001600f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000074b103b7 5 bytes JMP 00000001001602b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!Escape 0000000074b11bda 5 bytes JMP 0000000100160270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000074b11e89 5 bytes JMP 0000000100160cf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000074b14843 5 bytes JMP 0000000100160b30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000074b15690 5 bytes JMP 0000000100160b70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!EndPage 0000000074b16bde 5 bytes JMP 0000000100160230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!ResetDCW 0000000074b1e2db 5 bytes JMP 0000000100160ab0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000074b2940d 5 bytes JMP 0000000100160cb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 0000000074b2c621 5 bytes JMP 0000000100160bb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000074b2d2b2 5 bytes JMP 0000000100160bf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 0000000074b2d919 5 bytes JMP 0000000100160c30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000074b33adc 5 bytes JMP 0000000100160030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000074b33f29 5 bytes JMP 00000001001601f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!StartPage 0000000074b3401a 5 bytes JMP 0000000100160730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000074b34c51 5 bytes JMP 00000001001607f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000074b353fd 5 bytes JMP 0000000100160830
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000074b35454 5 bytes JMP 0000000100160af0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000074b354af 5 bytes JMP 0000000100160070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!EndPath 0000000074b35506 5 bytes JMP 0000000100160a70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!StrokePath 0000000074b3573f 5 bytes JMP 00000001001607b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!FillPath 0000000074b357d2 5 bytes JMP 0000000100160870
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000074b35c44 5 bytes JMP 00000001001604f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000074b35cd5 5 bytes JMP 00000001001604b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000074b35d87 5 bytes JMP 00000001001608b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!MapWindowPoints 00000000755b8c40 5 bytes JMP 0000000100170570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000755b9ebd 5 bytes JMP 00000001001702b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000755c0afa 5 bytes JMP 00000001001702f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000755c0c62 7 bytes JMP 00000001001705b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetParent 00000000755c0f68 7 bytes JMP 00000001001706f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!IsWindowVisible 00000000755c112d 7 bytes JMP 00000001001706b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755c12a5 5 bytes JMP 00000001001705f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!ScreenToClient 00000000755c227d 7 bytes JMP 0000000100170670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000755c3150 7 bytes JMP 0000000100170630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!SetCursor 00000000755c41f6 5 bytes JMP 0000000100170530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000755c68ef 5 bytes JMP 0000000100170270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000755c77fa 5 bytes JMP 0000000100170230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetTopWindow 00000000755c7887 7 bytes JMP 0000000100170730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000755c8676 5 bytes JMP 00000001001700f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000755c8696 5 bytes JMP 0000000100170330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000755c8e8d 5 bytes JMP 00000001001700b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!OpenClipboard 00000000755c8ecb 5 bytes JMP 0000000100170070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 00000000755cc17b 5 bytes JMP 0000000100170430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 00000000755cc449 5 bytes JMP 00000001001701b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 00000000755cc468 5 bytes JMP 00000001001703f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 00000000755cc486 5 bytes JMP 00000001001701f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000755cc4b6 5 bytes JMP 00000001001704b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000755cd6c0 5 bytes JMP 00000001001704f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 00000000755ce360 5 bytes JMP 0000000100170370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000755f8e57 5 bytes JMP 0000000100170170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000755f9cfd 5 bytes JMP 0000000100170770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000755f9f1d 5 bytes JMP 0000000100170030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075617cb9 5 bytes JMP 0000000100170130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000075618111 5 bytes JMP 0000000100170470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007561832f 5 bytes JMP 00000001001703b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000748b9606 5 bytes JMP 00000001001800f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000748c0581 3 bytes JMP 0000000100180130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle + 4 00000000748c0585 1 byte [8B]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 00000000748c0bb9 3 bytes JMP 0000000100180270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext + 4 00000000748c0bbd 1 byte [8B]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 00000000748c0c2e 3 bytes JMP 00000001001801b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken + 4 00000000748c0c32 1 byte [8B]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 00000000748c0f2e 3 bytes JMP 0000000100180070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA + 4 00000000748c0f32 1 byte [8B]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 00000000748c1096 3 bytes JMP 00000001001800b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA + 4 00000000748c109a 1 byte [8B]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000748c124e 3 bytes JMP 00000001001801f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!EncryptMessage + 4 00000000748c1252 1 byte [8B]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000748c129d 3 bytes JMP 0000000100180230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!DecryptMessage + 4 00000000748c12a1 1 byte [8B]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 00000000748c1527 3 bytes JMP 0000000100180030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA + 4 00000000748c152b 1 byte {JMP 0xffffffffffffff8d}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000748c1590 3 bytes JMP 0000000100180170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA + 4 00000000748c1594 1 byte {JMP 0xffffffffffffff8d}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000074c40045 5 bytes JMP 0000000100190030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000074c436b2 5 bytes JMP 0000000100190070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000074c6fdcd 5 bytes JMP 00000001001900b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000749f1401 2 bytes [9F, 74]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[15332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000749f1419 2 bytes [9F, 74]
    ---- EOF - GMER 2.0 ----
     
  2. ridingghost

    ridingghost Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    11
    Sorry. Duplicate post. Please Delete.
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,296
    Closing duplicate.
     

Short URL to this thread: https://techguy.org/1088517
