1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can't right click, copy or delete files and folders

Discussion in 'Virus & Other Malware Removal' started by duncan27, May 6, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. duncan27

    duncan27 Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    66
    I posted this in the Vista section when I found that I could not right click on items(files or folders) in my windows browser. When I would the browser would lock up and give me the program is not responding message until I ended it with task manager. Last night while typing a post I hit backspace and it returned the browser to the previous viewed page.

    Today I noticed that I not only could I not right click, but when I checked a file and hit delete it did the same thing. So I can't delete, copy and right click on files or folders.

    The last thing I noticed is that I can't open up a program from the recently used section over the "start" button on the bottom left. I have to actually click on a file or go to the All Programs folders.

    Here is what I posted in the Vista Section..... I can right click to copy and paste from Internet Explorer apparently.
    ==============================================


    I can't use right click without my computer locking up. If I click on a file I get a program not responding error and have to use Task Manager to shut it down. If I right click on start buttom or other places on the desktop, the computer just locks in "think mode".

    Ran Malwarebytes Anti Malware.. nothing.

    Ran CCleaner and it "fixed" what it found but nothing changed.

    Any thoughts on what I can do here?

    I was able to use right click to get this info. Nothing comes up for each field though??

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version:
    Processor:
    Processor Count:
    RAM:
    Graphics Card:
    Hard Drives:
    Motherboard:
    Antivirus: None

    I am running Vista Home Edition SP2
    AMD Phenom9650 Quad Core
    7.0 GB Ram
    NVidia GeForce 6150SE nForce

    and am using Norton Antivirus.


    I did run the logs requested by the malware and virus section in case these are needed.

    UPDATE 5/6/13
    Tried clicking on a file in my documents to delete it. Pressed delete button instead of right clicking and got same response. So I can't delete, copy and past, right click on files or folders???
     
  2. duncan27

    duncan27 Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    66
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:24:25 PM, on 5/5/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16476)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - MRI_DISABLED - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LELA] "C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [ASUSWebStorage] "C:\Program Files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSPanel.exe" /S
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-21-3349371586-458755354-968501604-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-21-3349371586-458755354-968501604-1000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
    O4 - S-1-5-21-3349371586-458755354-968501604-1000 Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
    O4 - S-1-5-21-3349371586-458755354-968501604-1000 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
    O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: VPDAgent (Agent) - Two Pilots - C:\Windows\VPDAgent_x64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Neat Startup Service - The Neat Company - C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
     
  3. duncan27

    duncan27 Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    66
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476
    Run by Owner at 22:32:03 on 2013-05-05
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    BHO: MRI_DISABLED - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
    mRun: [LELA] "C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [KBD] C:\HP\KBD\KbdStub.EXE
    mRun: [ASUSWebStorage] "C:\Program Files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSPanel.exe" /S
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\D ropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\O NENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0BE03D7F-278E-49C8-A831-DD7026C2350D} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{89B45646-B115-4E80-A7AE-F4F5BB64800F} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
    x64-mPolicies-Explorer: NoDrives = dword:0
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - LocalServer32 - <no file>
    x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - LocalServer32 - <no file>
    x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
    x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
    x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== File Associations ===============
    .
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\MICROS~2\Office\FRONTPG.EXE
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-17 15:54:07 0 ----a-w- C:\Windows\SysWow64\WUDFHost.exe
    2013-04-17 15:54:07 0 ----a-w- C:\Windows\SysWow64\dwm.exe
    2013-04-17 15:54:06 0 ----a-w- C:\Windows\SysWow64\spoolsv.exe
    2013-04-17 15:54:06 0 ----a-w- C:\Windows\SysWow64\alg.exe
    2013-04-17 15:54:05 0 ----a-w- C:\Windows\SysWow64\SLsvc.exe
    2013-04-17 15:54:04 0 ----a-w- C:\Windows\SysWow64\smss.exe
    2013-04-17 15:54:04 0 ----a-w- C:\Windows\SysWow64\nvvsvc.exe
    2013-04-17 15:54:04 0 ----a-w- C:\Windows\SysWow64\lsass.exe
    2013-04-17 15:54:04 0 ----a-w- C:\Windows\SysWow64\csrss.exe
    2013-04-10 18:03:40 72702784 ----a-w- C:\Windows\System32\mrt.exe
    2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-11 13:33:42 4691304 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-09 04:16:35 85504 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-09 01:48:36 75264 ----a-w- C:\Windows\System32\smss.exe
    2013-03-08 04:18:52 451072 ----a-w- C:\Windows\System32\winsrv.dll
    2013-03-08 04:17:12 2425344 ----a-w- C:\Windows\System32\mstscax.dll
    2013-03-08 03:52:22 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-03-05 01:57:37 2774016 ----a-w- C:\Windows\System32\win32k.sys
    2013-03-03 19:13:14 1513320 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-02-22 06:57:13 17817088 ----a-w- C:\Windows\System32\mshtml.dll
    2013-02-22 06:29:21 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:21:13 1346560 ----a-w- C:\Windows\System32\urlmon.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:18:42 237056 ----a-w- C:\Windows\System32\url.dll
    2013-02-22 06:17:23 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 06:15:22 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-02-22 06:14:22 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-02-22 06:13:40 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-02-22 06:13:02 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-22 06:09:21 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-02-22 04:05:50 12324352 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-02-22 03:47:17 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:39 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:36:35 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-02-22 03:35:31 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-02-22 03:34:18 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:33:11 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-02-22 03:32:05 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-02-22 03:31:55 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-22 03:28:48 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-02-12 02:18:19 19456 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    .
    ============= FINISH: 22:32:35.01 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    AAC Decoder
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Reader 8.1.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS WebStorage Sync
    AutoUpdate
    Bonjour
    BufferChm
    C4580
    C4580_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    Clone Wars
    Compatibility Pack for the 2007 Office system
    CustomerResearchQFolder
    CutePDF Writer 2.7
    CyberLink DVD Suite Deluxe
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Codec
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DocProc
    DocProcQFolder
    Dropbox
    Enhanced Multimedia Keyboard Solution
    ESET Online Scanner v3
    eSupportQFolder
    Geomate.Jr Software Kit
    GIMP 2.6.11
    Google Update Helper
    GPBaseService
    H.264 Decoder
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Customer Participation Program 11.0
    HP Demo
    HP Imaging Device Functions 11.0
    HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Smart Web Printing
    HP Solution Center 11.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPTCSSetup
    IHA_MessageCenter
    iTunes
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Korean Fonts Support For Adobe Reader 8
    LabelPrint
    Learning QuickBooks 2009
    LEGO Digital Designer
    LightScribe System Software 1.14.17.1
    LightScribeTemplateLabeler
    Linksys EasyLink Advisor
    Logitech QuickCam
    Logitech® Camera Driver
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft FrontPage 2000
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    MKV Splitter
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    muvee autoProducer 6.1
    MVisn64
    Neat
    Neat ADF Scanner 2008 Driver
    Neat ADF Scanner Driver
    Neat Core Files
    Neat Mobile Scanner (Silver) Driver
    Neat Mobile Scanner 2008 Driver
    Neat Mobile Scanner Driver
    Network64
    Norton Internet Security
    NVIDIA Drivers
    OCR Software by I.R.I.S. 11.0
    Panda ActiveScan 2.0
    PanoStandAlone
    PMB
    Power2Go
    PowerDirector
    PS_AIO_04_C4580_ProductContext
    PS_AIO_04_C4580_Software
    PS_AIO_04_C4580_Software_Min
    PSSWCORE
    Pure Networks Platform
    Python 2.5.2
    QuickBooks Pro 2009
    QuickTime
    Ralink Wireless LAN
    Realtek High Definition Audio Driver
    SAMSUNG USB Driver for Mobile Phones
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Send To Neat
    Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
    SmartWebPrinting
    SolutionCenter
    Status
    SUPERAntiSpyware
    SupportSoft Assisted Service
    Toolbox
    TrayApp
    Unity Web Player
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Vz In Home Agent
    WebEx Support Manager for Internet Explorer
    WebReg
    Windows Installer Clean Up
    WinRAR archiver
    .
    ==== End Of File ===========================
     
  4. duncan27

    duncan27 Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    66
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-05-05 22:46:49
    Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\00000068 SAMSUNG_ rev.1AA0 596.17GB
    Running: zcb21991.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ufldypog.sys

    ---- User code sections - GMER 2.1 ----
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010020020c
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001f0930
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001f0bd6
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001f0d9a
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002002ee
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002003d0
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001f0a12
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100200048
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001f0f5e
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001f0cb8
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001f0e7c
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010020012a
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001f0af4
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100200594
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001001f0768
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001f0210
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001f012c
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001001f084c
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001f03d8
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001f0048
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001001f0684
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001f04bc
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001f02f4
    .text c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe[1064] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JA 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 00000001000c020c
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001000b0930
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001000b0bd6
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001000b0d9a
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001000c02ee
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001000c03d0
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001000b0a12
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 00000001000c0048
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001000b0f5e
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001000b0cb8
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001000b0e7c
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 00000001000c012a
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001000b0af4
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001000b0768
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001000b0210
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001000b012c
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001000b084c
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001000b03d8
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001000b0048
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001000b0684
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001000b04bc
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001000b02f4
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes [63, 8A, EB, F9]
    .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1628] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001000c04b2
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010014020c
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 0000000100070930
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 0000000100070bd6
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 0000000100070d9a
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001001402ee
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001001403d0
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 0000000100070a12
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100140048
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 0000000100070f5e
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 0000000100070cb8
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 0000000100070e7c
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010014012a
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 0000000100070af4
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 0000000100070768
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 0000000100070210
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 000000010007012c
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 000000010007084c
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001000703d8
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 0000000100070048
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 0000000100070684
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001000704bc
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001000702f4
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes [5F, 8A, EB, F9]
    .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1828] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001001404b2
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010030020c
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001002f0930
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001002f0bd6
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001002f0d9a
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001003002ee
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001003003d0
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001002f0a12
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100300048
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001002f0f5e
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001002f0cb8
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001002f0e7c
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010030012a
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001002f0af4
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001002f0768
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001002f0210
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001002f012c
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001002f084c
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001002f03d8
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001002f0048
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001002f0684
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001002f04bc
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001002f02f4
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes [87, 8A, EB, F9]
    .text c:\hp\HPEZBTN\HPBtnSrv.exe[1404] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001003004b2
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010022020c
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 0000000100210930
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 0000000100210bd6
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 0000000100210d9a
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002202ee
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002203d0
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 00000001001b004c
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 0000000100210a12
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100220048
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 0000000100210f5e
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 0000000100210cb8
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 0000000100210e7c
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010022012a
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 0000000100210af4
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 0000000100210768
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 0000000100210210
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 000000010021012c
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 000000010021084c
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001002103d8
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 0000000100210048
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 0000000100210684
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001002104bc
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001002102f4
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JNS 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2208] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100220594
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010020020c
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001a0930
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001a0bd6
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001a0d9a
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002002ee
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002003d0
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001a0a12
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100200048
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001a0f5e
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001a0cb8
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001a0e7c
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010020012a
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001a0af4
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001001a0768
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001a0210
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001a012c
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001001a084c
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001a03d8
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001a0048
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001001a0684
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001a04bc
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001a02f4
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JB 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe[2236] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100200758
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010019020c
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001000e0930
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001000e0bd6
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001000e0d9a
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001001902ee
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001001903d0
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001000e0a12
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100190048
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001000e0f5e
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001000e0cb8
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001000e0e7c
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010019012a
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001000e0af4
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001000e0768
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001000e0210
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001000e012c
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001000e084c
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001000e03d8
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001000e0048
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001000e0684
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001000e04bc
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001000e02f4
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes [66, 8A, EB, F9]
    .text C:\Windows\SysWOW64\java.exe[2356] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100190758
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010008020c
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 0000000100070930
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 0000000100070bd6
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 0000000100070d9a
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001000802ee
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001000803d0
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 0000000100070a12
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100080048
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 0000000100070f5e
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 0000000100070cb8
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 0000000100070e7c
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010008012a
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 0000000100070af4
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100080594
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 0000000100070768
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 0000000100070210
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 000000010007012c
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 000000010007084c
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001000703d8
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 0000000100070048
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 0000000100070684
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001000704bc
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001000702f4
    .text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes [5F, 8A, EB, F9]
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010020020c
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001f0930
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001f0bd6
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001f0d9a
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002002ee
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002003d0
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001f0a12
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100200048
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001f0f5e
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001f0cb8
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001f0e7c
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010020012a
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001f0af4
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2820] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100200594
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010021020c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001a0930
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001a0bd6
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001a0d9a
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002102ee
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002103d0
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001a0a12
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100210048
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001a0f5e
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001a0cb8
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001a0e7c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010021012a
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001a0af4
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001001a0768
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001a0210
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001a012c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001001a084c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001a03d8
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001a0048
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001001a0684
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001a04bc
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001a02f4
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JB 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[328] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100210758
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010020020c
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001f0930
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001f0bd6
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001f0d9a
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002002ee
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002003d0
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001f0a12
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100200048
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001f0f5e
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001f0cb8
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001f0e7c
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010020012a
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001f0af4
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001002004b2
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001001f0768
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001f0210
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001f012c
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001001f084c
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001f03d8
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001f0048
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001001f0684
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001f04bc
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001f02f4
    .text C:\hp\support\hpsysdrv.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JA 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010020020c
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001f0930
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001f0bd6
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001f0d9a
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002002ee
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002003d0
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001f0a12
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100200048
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001f0f5e
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001f0cb8
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001f0e7c
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010020012a
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001f0af4
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100200594
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001001f0768
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001f0210
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001f012c
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001001f084c
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001f03d8
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001f0048
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001001f0684
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001f04bc
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001f02f4
    .text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JA 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010030020c
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001002f0930
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001002f0bd6
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001002f0d9a
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001003002ee
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001003003d0
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001002f0a12
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100300048
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001002f0f5e
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001002f0cb8
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001002f0e7c
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010030012a
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001002f0af4
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001003004b2
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001002f0768
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001002f0210
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001002f012c
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001002f084c
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001002f03d8
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001002f0048
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001002f0684
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001002f04bc
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001002f02f4
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes [87, 8A, EB, F9]
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010020020c
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001f0930
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001f0bd6
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001f0d9a
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002002ee
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002003d0
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001f0a12
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100200048
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001f0f5e
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001f0cb8
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001f0e7c
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010020012a
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001f0af4
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100200594
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001001f0768
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001f0210
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001f012c
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001001f084c
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001f03d8
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001f0048
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001001f0684
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001f04bc
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001f02f4
    .text C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2472] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JA 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010020020c
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001a0930
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001a0bd6
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001a0d9a
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002002ee
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002003d0
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001a0a12
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100200048
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001a0f5e
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001a0cb8
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001a0e7c
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010020012a
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001a0af4
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001001a0768
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001a0210
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001a012c
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001001a084c
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001a03d8
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001a0048
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001001a0684
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001a04bc
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001a02f4
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JB 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe[4136] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100200758
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 00000001001d020c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 0000000100180930
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 0000000100180bd6
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 0000000100180d9a
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001001d02ee
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001001d03d0
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 0000000100180a12
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 00000001001d0048
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 0000000100180f5e
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 0000000100180cb8
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 0000000100180e7c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 00000001001d012a
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 0000000100180af4
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001001d04b2
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 0000000100180768
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 0000000100180210
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 000000010018012c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 000000010018084c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001803d8
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 0000000100180048
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 0000000100180684
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001804bc
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001802f4
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JO 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010008020c
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 0000000100070930
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 0000000100070bd6
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 0000000100070d9a
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001000802ee
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001000803d0
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 0000000100070a12
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100080048
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 0000000100070f5e
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 0000000100070cb8
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 0000000100070e7c
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010008012a
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 0000000100070af4
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100080594
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 0000000100070768
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 0000000100070210
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 000000010007012c
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 000000010007084c
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001000703d8
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 0000000100070048
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 0000000100070684
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001000704bc
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001000702f4
    .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4336] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes [5F, 8A, EB, F9]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010025020c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 0000000100240930
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 0000000100240bd6
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 0000000100240d9a
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002502ee
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002503d0
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 0000000100240a12
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100250048
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 0000000100240f5e
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 0000000100240cb8
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 0000000100240e7c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010025012a
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 0000000100240af4
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001002504b2
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 0000000100240768
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 0000000100240210
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 000000010024012c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 000000010024084c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001002403d8
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 0000000100240048
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 0000000100240684
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001002404bc
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001002402f4
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5212] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JL 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010022020c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 0000000100210930
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 0000000100210bd6
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 0000000100210d9a
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002202ee
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002203d0
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 0000000100210a12
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100220048
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 0000000100210f5e
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 0000000100210cb8
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 0000000100210e7c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010022012a
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 0000000100210af4
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 0000000100210768
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 0000000100210210
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 000000010021012c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 000000010021084c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001002103d8
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 0000000100210048
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 0000000100210684
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001002104bc
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001002102f4
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JNS 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5288] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001002204b2
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010020020c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001f0930
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001f0bd6
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001f0d9a
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001002002ee
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001002003d0
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001f0a12
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100200048
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001f0f5e
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001f0cb8
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001f0e7c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010020012a
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001f0af4
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100200594
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001001f0768
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001f0210
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001f012c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001001f084c
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001f03d8
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001f0048
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001001f0684
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001001f04bc
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 2 bytes JMP 00000001001f02f4
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5500] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 190 0000000075a7729f 4 bytes {JA 0xffffffffffffff8c; JMP 0xfffffffffffffffd}
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075790827 5 bytes JMP 0000000164399ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000757a081c 5 bytes JMP 00000001644e90d9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000757a2483 5 bytes JMP 00000001644e913e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000757a4b7c 5 bytes JMP 00000001644e9060
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000757b9b0b 5 bytes JMP 00000001644e8fe7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000757c5fb7 5 bytes JMP 00000001642f1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000757c6397 5 bytes JMP 00000001644e91a3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000757dd3ad 5 bytes JMP 00000001644e8f83
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000757dd3d1 5 bytes JMP 00000001644e8f1f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076a370a6 5 bytes JMP 00000001644e9358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll !PropertySheetW 0000000074f0881c 5 bytes JMP 00000001644e9208
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll !PropertySheet 0000000074f08834 5 bytes JMP 00000001644e92b0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4656] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 000000007599ed29 5 bytes JMP 00000001644e9550
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 000000010006091c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 0000000100060048
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001000602ee
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001000604b2
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001000609fe
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 0000000100060ae0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010002004c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 000000010006012a
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 0000000100060758
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 0000000100060676
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001000603d0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 0000000100060594
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 000000010006083a
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 000000010006020c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 0000000100060ca4
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001000c04bc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 0000000100060f4e
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 0000000100060e6a
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001000c05a0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001000c012c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 0000000100060d86
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001000c03d8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 7 bytes JMP 00000001000c0210
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe[5720] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 7 bytes JMP 00000001000c0048
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077a94572 6 bytes JMP 000000016435980d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077a9457d 6 bytes JMP 00000001643b8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076a78312 5 bytes JMP 00000001643575e3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075787bb3 5 bytes JMP 00000001643b7fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075788c38 5 bytes JMP 000000016433dda7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007578f2ca 5 bytes JMP 000000016433decd
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007579010d 5 bytes JMP 00000001643ded00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757903d2 5 bytes JMP 00000001643925b4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075790827 5 bytes JMP 0000000164399ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757917ea 5 bytes JMP 00000001643c03cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!SetKeyboardState 000000007579263b 5 bytes JMP 00000001644ea4c9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007579280d 5 bytes JMP 0000000164363643
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000757978d1 5 bytes JMP 00000001644e9518
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007579805d 5 bytes JMP 00000001644e9c02
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!EndDialog 00000000757987af 5 bytes JMP 00000001644e9eae
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007579f8f3 5 bytes JMP 00000001644e94e0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000757a081c 5 bytes JMP 00000001644e90d9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000757a2483 5 bytes JMP 00000001644e913e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000757a4b7c 5 bytes JMP 00000001644e9060
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 00000000757a9b1b 5 bytes JMP 00000001644e9470
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000757a9c47 5 bytes JMP 00000001644e9bda
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000757abd5b 5 bytes JMP 00000001644e94a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000757b9b0b 5 bytes JMP 00000001644e8fe7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000757c2a58 5 bytes JMP 00000001644ea54a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000757c5fb7 5 bytes JMP 00000001642f1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000757c6397 5 bytes JMP 00000001644e91a3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000757dd3ad 5 bytes JMP 00000001644e8f83
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000757dd3d1 5 bytes JMP 00000001644e8f1f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757dd782 5 bytes JMP 00000001644ea42e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\USER32.dll!SendInput 00000000757e5af6 5 bytes JMP 00000001644ea471
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077071e80 5 bytes JMP 00000001644e990c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000769d3df0 5 bytes JMP 00000001644e9a82
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000769d3e40 5 bytes JMP 00000001644e9a04
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000769d462b 5 bytes JMP 00000001644e9976
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000769d74bc 5 bytes JMP 00000001644e9a22
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076a370a6 5 bytes JMP 00000001644e9358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll !PropertySheetW 0000000074f0881c 5 bytes JMP 00000001644e9208
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll !PropertySheet 0000000074f08834 5 bytes JMP 00000001644e92b0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000759730cf 5 bytes JMP 00000001644e95f4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 00000000759734de 5 bytes JMP 00000001644e96c0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5904] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 000000007599ed29 5 bytes JMP 00000001644e9550
    .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5808] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076a71a9e 5 bytes JMP 00000001611650b8
    .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5808] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077071e80 5 bytes JMP 0000000161c2e11a
    .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5808] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000769d3df0 5 bytes JMP 000000016119c68a
    .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5808] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000769d3e40 5 bytes JMP 0000000161191b8f
    .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5808] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000769d462b 5 bytes JMP 000000016119fac2
    .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5808] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000769d74bc 5 bytes JMP 000000016119ff84
    .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[5808] C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1033\[email protected] + 112 000000006b701b80 4 bytes [18, E5, B2, 32]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077a94572 6 bytes JMP 000000016435980d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077a9457d 6 bytes JMP 00000001643b8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076a78312 5 bytes JMP 00000001643575e3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075787bb3 5 bytes JMP 00000001643b7fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075788c38 5 bytes JMP 000000016433dda7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007578f2ca 5 bytes JMP 000000016433decd
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007579010d 5 bytes JMP 00000001643ded00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757903d2 5 bytes JMP 00000001643925b4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075790827 5 bytes JMP 0000000164399ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757917ea 5 bytes JMP 00000001643c03cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!SetKeyboardState 000000007579263b 5 bytes JMP 00000001644ea4c9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007579280d 5 bytes JMP 0000000164363643
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000757978d1 5 bytes JMP 00000001644e9518
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007579805d 5 bytes JMP 00000001644e9c02
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!EndDialog 00000000757987af 5 bytes JMP 00000001644e9eae
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007579f8f3 5 bytes JMP 00000001644e94e0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000757a081c 5 bytes JMP 00000001644e90d9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000757a2483 5 bytes JMP 00000001644e913e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000757a4b7c 5 bytes JMP 00000001644e9060
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 00000000757a9b1b 5 bytes JMP 00000001644e9470
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000757a9c47 5 bytes JMP 00000001644e9bda
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000757abd5b 5 bytes JMP 00000001644e94a8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000757b9b0b 5 bytes JMP 00000001644e8fe7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000757c2a58 5 bytes JMP 00000001644ea54a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000757c5fb7 5 bytes JMP 00000001642f1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000757c6397 5 bytes JMP 00000001644e91a3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000757dd3ad 5 bytes JMP 00000001644e8f83
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000757dd3d1 5 bytes JMP 00000001644e8f1f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757dd782 5 bytes JMP 00000001644ea42e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\USER32.dll!SendInput 00000000757e5af6 5 bytes JMP 00000001644ea471
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077071e80 5 bytes JMP 00000001644e990c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000769d3df0 5 bytes JMP 00000001644e9a82
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000769d3e40 5 bytes JMP 00000001644e9a04
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000769d462b 5 bytes JMP 00000001644e9976
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000769d74bc 5 bytes JMP 00000001644e9a22
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076a370a6 5 bytes JMP 00000001644e9358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll !PropertySheetW 0000000074f0881c 5 bytes JMP 00000001644e9208
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll !PropertySheet 0000000074f08834 5 bytes JMP 00000001644e92b0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000759730cf 5 bytes JMP 00000001644e95f4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 00000000759734de 5 bytes JMP 00000001644e96c0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7760] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 000000007599ed29 5 bytes JMP 00000001644e9550
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a69758 5 bytes JMP 00000001001c091c
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a698a8 5 bytes JMP 00000001001c0048
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a69938 5 bytes JMP 00000001001c02ee
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a69a88 5 bytes JMP 00000001001c04b2
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a69ab8 5 bytes JMP 00000001001c09fe
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a69ae8 5 bytes JMP 00000001001c0ae0
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a69b00 5 bytes JMP 000000010003004c
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a6a208 5 bytes JMP 00000001001c012a
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a6a2e0 5 bytes JMP 00000001001c0758
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a6a2f8 5 bytes JMP 00000001001c0676
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a6a7d0 5 bytes JMP 00000001001c03d0
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a6b24c 5 bytes JMP 00000001001c0594
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a6b4d4 5 bytes JMP 00000001001c083a
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a6b624 5 bytes JMP 00000001001c020c
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!OpenSCManagerA + 293 0000000075a12eb8 7 bytes JMP 00000001003a02f4
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 170 0000000075a1834f 7 bytes JMP 00000001001c0d8a
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW + 255 0000000075a39fb3 7 bytes JMP 00000001001c0ca6
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!ControlService + 193 0000000075a3a079 7 bytes JMP 00000001003a03d8
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!I_ScGetCurrentGroupStateW + 143 0000000075a76629 7 bytes JMP 00000001001c0f52
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 270 0000000075a7673c 7 bytes JMP 00000001001c0bc2
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity + 251 0000000075a76dd4 7 bytes JMP 00000001003a0210
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 419 0000000075a76f7c 2 bytes JMP 00000001003a0048
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 422 0000000075a76f7f 4 bytes [92, 8A, EB, F9]
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W + 187 0000000075a7729c 7 bytes JMP 00000001001c0e6e
    .text C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G684SV2C\zcb21991.exe[8108] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 874 00000000757cab52 7 bytes JMP 00000001003a04bc
    ---- User IAT/EAT - GMER 2.1 ----
    IAT C:\Program Files\Windows Sidebar\sidebar.exe[2744] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtCreateFile] [2323940] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Program Files\Windows Sidebar\sidebar.exe[2744] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDeviceIoControlFile] [23232d0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Program Files\Windows Sidebar\sidebar.exe[2744] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtClose] [23234e0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Program Files\Windows Sidebar\sidebar.exe[2744] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDuplicateObject] [23233b0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3652] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtCreateFile] [3a3940] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3652] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDeviceIoControlFile] [3a32d0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3652] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtClose] [3a34e0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3652] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDuplicateObject] [3a33b0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Windows\system32\WerCon.exe[5804] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtCreateFile] [23a3940] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Windows\system32\WerCon.exe[5804] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDeviceIoControlFile] [23a32d0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Windows\system32\WerCon.exe[5804] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtClose] [23a34e0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Windows\system32\WerCon.exe[5804] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDuplicateObject] [23a33b0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Windows\Explorer.exe[840] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtCreateFile] [2b03940] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Windows\Explorer.exe[840] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDeviceIoControlFile] [2b032d0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Windows\Explorer.exe[840] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtClose] [2b034e0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    IAT C:\Windows\Explorer.exe[840] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDuplicateObject] [2b033b0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    ---- Disk sectors - GMER 2.1 ----
    Disk \Device\Harddisk0\DR0 unknown MBR code
    ---- EOF - GMER 2.1 ----
     
  5. duncan27

    duncan27 Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    66
    bump for the week
     
  6. duncan27

    duncan27 Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    66
    bump for the week
     
  7. duncan27

    duncan27 Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    66
    another bump hoping for help. thanks.. patiently waiting =)
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1098009

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice