
Easy Life App

Discussion in 'Virus & Other Malware Removal' started by Tracy100, Feb 21, 2013.

Thread Status:
Not open for further replies.
  1. Tracy100 (Thread Starter; joined Feb 21, 2013; 11 messages)

    Hi...before I start, I am really sorry if I am posting this in the wrong place. I know there are other topics under this heading but it won't let me reply to them so therefore I am confused as to where to post this.

    Ok so like others I have this easy life app on my laptop. I use both Firefox and Chrome.

    Symptoms include: easy life app becoming my default search tool, random links showing up on my pages, home page becoming easy life app etc.
    I was able to change my Firefox address bar back to Google search and my Chrome is back to normal after changing the setting, but those easy life files are still on my computer and I need to get it fixed. I would really appreciate your help.

    I did the scans which this forum told me to do (hijack this, dds.text, GMER) I will copy and paste them below. I hope you can help.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:42:14, on 21/02/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17197)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\Tracy\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe
    C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Tracy\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: Browse2save - {6D10CE1F-A14A-7463-F326-8F0C6A8BEA5F} - C:\ProgramData\Browse2save\5120eb1406e49.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~2\Flash2X\FLASHP~1\FLASHP~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Tracy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [googletalk] C:\Users\Tracy\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe" "/Trigger RunAtLogon"
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_01CA19FABFA3145EF0091BC706EED4AD] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - Startup: Yammer.lnk = C:\Program Files (x86)\Yammer\Yammer.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E1FE7A1-61FD-4354-B79A-6AA7618467F7}: NameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6EC42EA-8168-4075-8C55-F89EE9940DA0}: NameServer = 62.40.32.33 8.8.8.8
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll
    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WTService - Unknown owner - C:\Windows\System32\atwtusb.exe (file missing)

    --
    End of file - 19260 bytes





    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.17197 BrowserJavaVersion: 10.9.2
    Run by Tracy at 12:57:54 on 2013-02-21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.5812.1618 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\System32\atwtusb.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\atwtusb.exe
    C:\Windows\system32\EscSvc64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Windows\System32\WTMKM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://search.easylifeapp.com/?pid=686&r=2013/02/17&hid=882856990&lg=EN&cc=IE
    mDefault_Page_URL = hxxp://acer.msn.com
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\ACTIVEX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Browse2save: {6D10CE1F-A14A-7463-F326-8F0C6A8BEA5F} - C:\ProgramData\Browse2save\5120eb1406e49.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\WCIEActiveX\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: <No Name>: {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\Program Files (x86)\Flash2X\Flash Player\FlashPlayer.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\WCIEActiveX\AcroIEFavClient.dll
    TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\WCIEActiveX\AcroIEFavClient.dll
    TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\WCIEActiveX\AcroIEFavClient.dll
    uRun: [Facebook Update] "C:\Users\Tracy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [AdobeBridge] <no file>
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    StartupFolder: C:\Users\Tracy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yammer.lnk - C:\Program Files (x86)\Yammer\Yammer.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{093B5DA7-BFCE-4049-87E0-231D76686F2F} : DHCPNameServer = 10.10.0.44 10.10.0.45
    TCP: Interfaces\{1E1FE7A1-61FD-4354-B79A-6AA7618467F7} : NameServer = 62.40.32.33 8.8.8.8
    TCP: Interfaces\{A6EC42EA-8168-4075-8C55-F89EE9940DA0} : NameServer = 62.40.32.33 8.8.8.8
    TCP: Interfaces\{DD13919F-DF61-4BFD-9DE2-9C32EE1C8D7F} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{DD13919F-DF61-4BFD-9DE2-9C32EE1C8D7F}\05162716D6F657E647 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{DD13919F-DF61-4BFD-9DE2-9C32EE1C8D7F}\45F6D634275616E6 : DHCPNameServer = 159.134.0.1 159.134.0.2
    TCP: Interfaces\{DD13919F-DF61-4BFD-9DE2-9C32EE1C8D7F}\659634C61627964797 : DHCPNameServer = 192.168.11.1
    TCP: Interfaces\{DD13919F-DF61-4BFD-9DE2-9C32EE1C8D7F}\9445453547574656E64775966496 : DHCPNameServer = 10.10.0.2 10.10.0.3
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~2\browse~1\sprote~1.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://acer.msn.com
    x64-mDefault_Page_URL = hxxp://acer.msn.com
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
    x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [MacroKeyManager] WTMKM.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=686&abc=ff1&r=2013/02/17&hid=882856990&lg=EN&cc=IE&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.ie/
    FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=686&abc=ff1&r=2013/02/17&hid=882856990&lg=EN&cc=IE&l=1&q=
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Tracy\AppData\Local\Citrix\Plugins\92\npappdetector.dll
    FF - plugin: C:\Users\Tracy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-02-07 16:54; [email protected]otcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF - ExtSQL: 2013-02-12 15:41; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
    FF - ExtSQL: 2013-02-17 14:37; [email protected]; C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/03/24 18:14:25];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-8-16 146928]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-3-25 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-3-24 868896]
    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-12-30 179296]
    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-12-30 151648]
    R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2012-12-30 135824]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-17 144640]
    R2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [2012-10-9 111664]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-24 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-19 243232]
    R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
    R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-10 40448]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-24 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-25 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-25 271872]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-12-10 246224]
    S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2012-12-10 114304]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-17 50432]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-2 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-02-21 12:51:49 -------- d-s---w- C:\ComboFix
    2013-02-19 16:04:57 -------- d-----w- C:\Users\Tracy\AppData\Roaming\NCdownloader
    2013-02-17 14:15:34 -------- d-----w- C:\ProgramData\RightClick
    2013-02-17 14:09:28 -------- d-----w- C:\Program Files (x86)\BrowseToSave
    2013-02-17 14:09:16 -------- d-----w- C:\ProgramData\Browse2save
    2013-02-17 14:09:11 -------- d-----w- C:\Program Files (x86)\EasyLife
    2013-02-17 14:08:21 -------- d-----w- C:\ProgramData\InstallMate
    2013-02-15 14:08:43 -------- d-----w- C:\Users\Tracy\AppData\Roaming\PrimoPDF
    2013-02-15 14:07:51 -------- d-----w- C:\Users\Tracy\AppData\Roaming\Nitro
    2013-02-15 14:07:51 -------- d-----w- C:\Users\Tracy\AppData\Roaming\FileOpen
    2013-02-15 14:07:51 -------- d-----w- C:\ProgramData\FileOpen
    2013-02-15 13:53:37 29712 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
    2013-02-15 13:53:37 17936 ----a-w- C:\Windows\System32\nitrolocalui2.dll
    2013-02-15 13:53:29 -------- d-----w- C:\Program Files\Common Files\Nitro
    2013-02-15 13:53:29 -------- d-----w- C:\Program Files (x86)\Nitro
    2013-02-15 13:53:29 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro
    2013-02-15 13:53:28 -------- d-----w- C:\ProgramData\Nitro
    2013-02-15 13:46:08 95008 ----a-w- C:\Windows\System32\Primomonnt.dll
    2013-02-15 13:46:07 -------- d-----w- C:\Users\Tracy\AppData\Roaming\OpenCandy
    2013-02-15 13:46:06 -------- d-----w- C:\Program Files (x86)\Nitro PDF
    2013-02-15 08:18:47 -------- d-----w- C:\Users\Tracy\AppData\Local\Adobe
    2013-02-14 19:28:03 -------- d-----w- C:\Users\Tracy\AppData\Roaming\PDAppFlex
    2013-02-13 11:28:32 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-02-12 09:28:33 120320 ----a-w- C:\Windows\System32\E_ILMILE.DLL
    2013-02-12 09:28:31 83968 ----a-w- C:\Windows\System32\E_IBCBILE.DLL
    2013-02-10 18:35:21 -------- d-----w- C:\Users\Tracy\AppData\Local\{CCA997F0-A9BC-4450-A3F6-587CD9E96F62}
    2013-02-04 11:51:36 -------- d-----w- C:\Program Files (x86)\Citrix
    2013-02-04 11:51:12 -------- d-----w- C:\Users\Tracy\AppData\Local\Citrix
    2013-01-24 16:33:25 -------- d-----w- C:\Users\Tracy\AppData\Roaming\Aleo Software
    .
    ==================== Find3M ====================
    .
    2013-02-08 12:59:36 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 12:59:36 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-26 16:48:25 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2013-01-08 03:41:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 03:12:29 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-05 05:57:43 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:02:17 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:02:17 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll
    2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-01-04 03:22:49 3150848 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-12-20 14:07:05 1198080 ----a-w- C:\Windows\System32\wininet.dll
    2012-12-20 14:03:01 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2012-12-20 12:59:24 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-12-20 12:56:56 482816 ----a-w- C:\Windows\System32\html.iec
    2012-12-20 12:01:14 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2012-12-20 11:28:50 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    .
    ============= FINISH: 12:58:45.19 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/06/2011 21:20:23
    System Uptime: 21/02/2013 08:38:10 (4 hours ago)
    .
    Motherboard: Acer | | JE70_CP
    Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 2667/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 235.763 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP146: 07/02/2013 16:43:16 - Removed Adobe Acrobat XI Pro.
    RP147: 07/02/2013 16:51:54 - Installed Adobe Acrobat XI Pro.
    RP148: 11/02/2013 17:18:54 - Removed Yammer
    RP149: 14/02/2013 09:15:33 - Windows Update
    RP150: 14/02/2013 16:14:01 - Removed Adobe Acrobat XI Pro.
    RP151: 14/02/2013 16:21:10 - Installed Adobe Acrobat XI Pro.
    RP152: 18/02/2013 00:44:45 - Windows Update
    RP153: 19/02/2013 23:14:06 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Leawo MP4 Converter version 5.0.0.0
    ABBYY FineReader 9.0 Sprint
    Acer Backup Manager
    Acer Crystal Eye webcam Ver:1.1.199.107
    Acer ePower Management
    Acer eRecovery Management
    Acer GameZone Console
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Adobe Acrobat XI Pro
    Adobe AIR
    Adobe Community Help
    Adobe Dreamweaver CS5
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop Lightroom 4.1 64-bit
    Adobe Reader XI (11.0.01)
    Airport Mania First Flight
    Alcor Micro USB Card Reader
    ALPS Touch Pad Driver
    Amazonia
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    Backup Manager Basic
    Balsamiq Mockups For Desktop
    Basic Operation Guide EPSON XP-302 303 305 306 Series
    Bonjour
    Broadcom Gigabit NetLink Controller
    Browse2save
    BrowseToSave 1.74
    Cake Mania
    Camtasia Studio 8
    CardRecovery 6.00
    Corel Shell Extension - 64Bit
    CorelDRAW Essentials 4
    CorelDRAW Essentials 4 - Content
    CorelDRAW Essentials 4 - Draw
    CorelDRAW Essentials 4 - Extra Content
    CorelDRAW Essentials 4 - Filters
    CorelDRAW Essentials 4 - ICA
    CorelDRAW Essentials 4 - IPM - No VBA
    CorelDRAW Essentials 4 - Lang BR
    CorelDRAW Essentials 4 - Lang DE
    CorelDRAW Essentials 4 - Lang EN
    CorelDRAW Essentials 4 - Lang ES
    CorelDRAW Essentials 4 - Lang FR
    CorelDRAW Essentials 4 - Lang IT
    CorelDRAW Essentials 4 - Lang NL
    CorelDRAW Essentials 4 - PHOTO-PAINT
    CorelDRAW Essentials 4 - Windows Shell Extension
    CyberLink PowerDVD 9
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Download Navigator
    Dream Day First Home
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Event Manager
    EPSON Scan
    EPSON XP-205 207 Series Printer Uninstall
    EPSON XP-302 303 305 306 Series Printer Uninstall
    EpsonNet Print
    eSobi v2
    exPressit SE
    Facebook Video Calling 1.0.0.7367
    Facebook Video Calling 1.2.0.287
    Farm Frenzy 2
    Flash2X Flash Player version 3.0.2
    Galapago
    Google Chrome
    Google Drive
    Google Earth
    Google Talk (remove only)
    Google Update Helper
    GoToMeeting 5.4.0.1082
    Heroes of Hellas
    iCloud
    Identity Card
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    Launch Manager
    MacroKey Manager
    Merriam Websters Spell Jam
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Mozilla Firefox 18.0.2 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MyWinLocker
    MyWinLocker Suite
    Network Guide EPSON XP-205 207 Series
    Network Guide EPSON XP-302 303 305 306 Series
    Nitro Reader 3
    Norton Online Backup
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    O2 Broadband
    PandoraRecovery (Remove Only)
    Poker Pop
    Prezi Desktop
    PrimoPDF -- brought to you by Nitro PDF Software
    QuickTime
    Realtek High Definition Audio Driver
    RelevantKnowledge
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Shredder
    Skype Click to Call
    Skype™ 6.0
    Spin & Win
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    User's Guide EPSON XP-205 207 Series
    User's Guide EPSON XP-302 303 305 306 Series
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    VLC media player 0.9.8a
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    21/02/2013 08:46:24, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    21/02/2013 08:39:05, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    19/02/2013 20:21:02, Error: bowser [8003] - The master browser has received a server announcement from the computer BERNARD-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DD13919F-DF61-4BFD-9DE2-9C32EE1C8D7F}. The master browser is stopping or an election is being forced.
    19/02/2013 16:06:55, Error: Service Control Manager [7022] - The Intel(R) Management & Security Application User Notification Service service hung on starting.
    15/02/2013 13:57:59, Error: bowser [8003] - The master browser has received a server announcement from the computer BROOMSTICK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DD13919F-DF61-4BFD-9DE2-9C32EE1C8D7F}. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================




    GMER 2.1.19081 - http://www.gmer.net
    Rootkit scan 2013-02-21 15:33:42
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
    Running: snky8cj6.exe; Driver: C:\Users\Tracy\AppData\Local\Temp\fftdipog.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1723bb7e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1724e51e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x32134e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x321b3e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3220ce]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x32283e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x324f1e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3271fe]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x32da8e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CD, FF, CC, CC, CC, CC]
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x346d1e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x34dafe]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x34df1e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x34e18e]}
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\system32\Dwm.exe[2036] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A4, FF]
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb1e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e4be]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefc4e39f0 7 bytes JMP 0
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\SSPICLI.DLL!DecryptMessage 000007fefc4e3b44 7 bytes JMP 80000
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 6 bytes JMP 50b6ff00
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x71107e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x71186e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x711dfe]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x71256e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x714c4e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x716f2e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x71d7be]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 10 bytes {JMP QWORD [RIP-0x71d88e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x736a4e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x73d82e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x73dc4e]}
    .text C:\Windows\Explorer.EXE[2212] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x73debe]}
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 00000001029e5001
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 00000001029e3fdc
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 00000001029e1489
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 00000001029e2e14
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 00000001029d7b16
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 00000001029e6aa5
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001029e45e3
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 00000001029e2a61
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001029e63af
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 00000001029e3a52
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 00000001029e2574
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001029e35db
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001029e28ea
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 00000001029e4335
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001029e60bb
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 00000001029e3069
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 00000001029e3ceb
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 00000001029e4b72
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x3b134e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x3b1b3e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3b20ce]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x3b283e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x3b4f1e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3b71fe]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x3bda8e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [C4, FF, CC, CC, CC, CC]
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x3d6d1e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x3ddafe]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x3ddf1e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x3de18e]}
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\System32\igfxtray.exe[3368] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [9B, FF]
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [65, FF]
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\System32\SspiCli.dll!EncryptMessage 000007fefc4e39f0 7 bytes {JMP QWORD [RIP+0x4ac892]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\System32\SspiCli.dll!DecryptMessage 000007fefc4e3b44 7 bytes {JMP QWORD [RIP+0x4ac76e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x71134e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x711b3e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x7120ce]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x71283e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x714f1e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x7171fe]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x71da8e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [8E, FF, CC, CC, CC, CC]
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x736d1e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x73dafe]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x73df1e]}
    .text C:\Windows\System32\hkcmd.exe[3508] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x73e18e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x71134e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x711b3e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x7120ce]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x71283e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x714f1e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x7171fe]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x71da8e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [8E, FF, CC, CC, CC, CC]
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x736d1e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x73dafe]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x73df1e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x73e18e]}
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\System32\igfxpers.exe[3552] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [65, FF]
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x71134e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x711b3e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x7120ce]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x71283e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x714f1e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x7171fe]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x71da8e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [8E, FF, CC, CC, CC, CC]
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x736d1e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x73dafe]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x73df1e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x73e18e]}
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3468] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [65, FF]
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Windows\PLFSetI.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1723bb7e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1724e51e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefc4e39f0 7 bytes {JMP QWORD [RIP+0x49c892]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\SspiCli.dll!DecryptMessage 000007fefc4e3b44 7 bytes {JMP QWORD [RIP+0x49c76e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x72134e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x721b3e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x7220ce]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x72283e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x724f1e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x7271fe]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x72da8e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [8D, FF, CC, CC, CC, CC]
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x746d1e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x74dafe]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x74df1e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x74e18e]}
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files\Apoint2K\Apoint.exe[3672] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [64, FF]
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1723bb7e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1724e51e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x72134e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x721b3e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x7220ce]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x72283e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x724f1e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x7271fe]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x72da8e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [8D, FF, CC, CC, CC, CC]
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x746d1e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x74dafe]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x74df1e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x74e18e]}
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2076] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [64, FF]
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x31134e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x311b3e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3120ce]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x31283e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x314f1e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3171fe]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x31da8e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CE, FF, CC, CC, CC, CC]
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x336d1e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x33dafe]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x33df1e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x33e18e]}
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3836] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A5, FF]
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1723bb7e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1724e51e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x32134e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x321b3e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3220ce]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x32283e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x324f1e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3271fe]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x32da8e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CD, FF, CC, CC, CC, CC]
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x346d1e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x34dafe]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x34df1e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x34e18e]}
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\System32\WTMKM.exe[1012] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A4, FF]
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x3b134e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x3b1b3e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3b20ce]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x3b283e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x3b4f1e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3b71fe]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x3bda8e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [C4, FF, CC, CC, CC, CC]
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x3d6d1e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x3ddafe]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x3ddf1e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x3de18e]}
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\system32\igfxsrvc.exe[3784] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [9B, FF]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [65, FF]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefc4e39f0 7 bytes {JMP QWORD [RIP+0x4ac892]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\SspiCli.dll!DecryptMessage 000007fefc4e3b44 7 bytes {JMP QWORD [RIP+0x4ac76e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x71134e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x711b3e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x7120ce]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x71283e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x714f1e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x7171fe]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x71da8e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!WSASendTo + 4 000007fefd0addb4 6 bytes [8E, FF, CC, CC, CC, CC]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x736d1e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x73dafe]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x73df1e]}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1616] C:\Windows\system32\ws2_32.DLL!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x73e18e]}
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe[3028] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000100625001
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000100623fdc
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000100621489
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000100622e14
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000100617b16
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001006245e3
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000100622a61
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001006263af
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000100623a52
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000100622574
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001006235db
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001006228ea
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000100624335
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001006260bb
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000100623069
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000100623ceb
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000100624b72
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000100626aa5
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000103b05001
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000103b03fdc
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000103b01489
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000103b02e14
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000103af7b16
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 0000000103b045e3
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000103b02a61
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 0000000103b063af
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000103b03a52
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000103b02574
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 0000000103b035db
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 0000000103b028ea
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000103b04335
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 0000000103b060bb
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000103b03069
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000103b03ceb
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000103b04b72
    .text C:\Program Files (x86)\Launch Manager\LManager.exe[4276] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000103b06aa5
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x3b134e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x3b1b3e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3b20ce]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x3b283e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x3b4f1e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3b71fe]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x3bda8e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [C4, FF, CC, CC, CC, CC]
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x3d6d1e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x3ddafe]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x3ddf1e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x3de18e]}
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\system32\igfxext.exe[4416] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [9B, FF]
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1723bb7e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1724e51e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x3c134e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x3c1b3e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3c20ce]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x3c283e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x3c4f1e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3c71fe]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x3cda8e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [C3, FF, CC, CC, CC, CC]
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x3e6d1e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x3edafe]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x3edf1e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x3ee18e]}
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\system32\wbem\unsecapp.exe[4552] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [9A, FF]
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x31134e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x311b3e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3120ce]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x31283e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x314f1e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3171fe]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x31da8e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CE, FF, CC, CC, CC, CC]
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x336d1e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x33dafe]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x33df1e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x33e18e]}
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4788] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A5, FF]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4816] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4816] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4816] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 00000001032b5001
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 00000001032b3fdc
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 00000001032b1489
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 00000001032b2e14
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 00000001032a7b16
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001032b45e3
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 00000001032b2a61
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001032b63af
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 00000001032b3a52
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 00000001032b2574
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001032b35db
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001032b28ea
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 00000001032b4335
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001032b60bb
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 00000001032b3069
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 00000001032b3ceb
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 00000001032b4b72
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4884] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 00000001032b6aa5
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x31134e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x311b3e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3120ce]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x31283e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x314f1e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3171fe]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x31da8e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CE, FF, CC, CC, CC, CC]
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x336d1e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x33dafe]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x33df1e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x33e18e]}
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files\Apoint2K\HidFind.exe[1224] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A5, FF]
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x31134e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x311b3e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3120ce]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x31283e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x314f1e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3171fe]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x31da8e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CE, FF, CC, CC, CC, CC]
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x336d1e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x33dafe]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x33df1e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x33e18e]}
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files\Apoint2K\Apntex.exe[3588] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A5, FF]
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\ws2_32.DLL!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 00000001057d5001
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 00000001057d3fdc
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 00000001057d1489
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 00000001057d2e14
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001057d45e3
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 00000001057d2a61
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001057d63af
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 00000001057d3a52
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 00000001057d2574
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001057d35db
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001057d28ea
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 00000001057d4335
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001057d60bb
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 00000001057d3069
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 00000001057d3ceb
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 00000001057d4b72
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 00000001057c7b16
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 00000001057d6aa5
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe[5904] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[7720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x31134e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x311b3e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3120ce]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x31283e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x314f1e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3171fe]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x31da8e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CE, FF, CC, CC, CC, CC]
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x336d1e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x33dafe]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x33df1e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x33e18e]}
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[7948] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A5, FF]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x31134e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x311b3e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3120ce]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x31283e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x314f1e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3171fe]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x31da8e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CE, FF, CC, CC, CC, CC]
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x336d1e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x33dafe]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x33df1e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x33e18e]}
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\system32\wuauclt.exe[2024] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A5, FF]
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007722bbc0 8 bytes {JMP QWORD [RIP-0x1722bb7e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\kernel32.dll!CreateProcessW 000000007723e590 12 bytes {JMP QWORD [RIP-0x1723e51e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefc4e39f0 7 bytes {JMP QWORD [RIP+0x8ac892]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\SspiCli.dll!DecryptMessage 000007fefc4e3b44 7 bytes {JMP QWORD [RIP+0x8ac76e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!WSASend 000007fefd0a14b0 10 bytes {JMP QWORD [RIP-0x31134e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd0a1be1 8 bytes {JMP QWORD [RIP-0x311b3e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefd0a2200 10 bytes {JMP QWORD [RIP-0x3120ce]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!recv 000007fefd0a2940 10 bytes {JMP QWORD [RIP-0x31283e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd0a4f61 6 bytes {JMP QWORD [RIP-0x314f1e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!send 000007fefd0a72d0 10 bytes {JMP QWORD [RIP-0x3171fe]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!sendto 000007fefd0adc80 7 bytes {JMP QWORD [RIP-0x31da8e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd0addb0 3 bytes [FF, 25, A2]
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd0addb4 6 bytes [CE, FF, CC, CC, CC, CC]
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd0c6eb0 7 bytes {JMP QWORD [RIP-0x336d1e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd0cdb70 7 bytes {JMP QWORD [RIP-0x33dafe]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd0ce140 7 bytes {JMP QWORD [RIP-0x33df1e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefd0ce350 7 bytes {JMP QWORD [RIP-0x33e18e]}
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd33de80 3 bytes [FF, 25, 62]
    .text C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNILE.EXE[7348] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile + 4 000007fefd33de84 2 bytes [A5, FF]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 000000007753f9a0 5 bytes JMP 00000001747a84c0
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007753fa38 5 bytes JMP 00000001747dc400
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007753fbc8 5 bytes JMP 00000001747a83f0
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007753fdec 5 bytes JMP 00000001747a8550
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077540154 5 bytes JMP 00000001747dc490
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000775412cc 5 bytes JMP 00000001747a86d0
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\kernel32.dll!CloseHandle 00000000767613d0 5 bytes JMP 00000001747a82f0
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000767622fb 5 bytes JMP 00000001747a81b0
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\kernel32.dll!CreateFileA 000000007676ca6e 5 bytes JMP 00000001747a8070
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[10960] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    ? C:\Windows\system32\mssprxy.dll [10960] entry point in ".rdata" section 00000000749371e6
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x4df228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x4df268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x4df1a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x4df128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x4df328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x4df368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x4df2e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x4df2a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x4df068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x4df0a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x4df028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x4df1e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x4df168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x4df0e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x498e28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x498e68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 2 bytes [BA, A8]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 8 000000007753fbb8 4 bytes {LEA ECX, [RCX+0x0]; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 2 bytes [BA, 28]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 8 000000007753fbd0 4 bytes {LEA ECX, [RCX+0x0]; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x498f28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x498f68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x498ee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x498ea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x498c68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x498ca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x498c28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 2 bytes [BA, E8]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 8 0000000077541058 4 bytes {LEA ECX, [RCX+0x0]; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 2 bytes [BA, 68]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 8 00000000775410d0 4 bytes {LEA ECX, [RCX+0x0]; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x498ce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x33ce28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x33ce68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x33cda8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x33cd28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x33cf28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x33cf68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x33cee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x33cea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x33cc68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x33cca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x33cc28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x33cde8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x33cd68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x33cce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0xfba28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0xfba68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0xfb9a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0xfb928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0xfbb28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0xfbb68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0xfbae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0xfbaa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0xfb868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0xfb8a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0xfb828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0xfb9e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0xfb968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0xfb8e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x7b9628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x7b9668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x7b95a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x7b9528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x7b9728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x7b9768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x7b96e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x7b96a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x7b9468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x7b94a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x7b9428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x7b95e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x7b9568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x7b94e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x345228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x345268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x3451a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x345128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x345328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x345368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x3452e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x3452a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x345068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x3450a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x345028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x3451e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x345168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x3450e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4212] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000110045001
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000110043fdc
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000110041489
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000110042e14
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000110037b16
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 00000001100445e3
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000110042a61
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 00000001100463af
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000110043a52
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000110042574
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 00000001100435db
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 00000001100428ea
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000110044335
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 00000001100460bb
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000110043069
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000110043ceb
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000110044b72
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000110046aa5
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x479628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x479668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x4795a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x479528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x479728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x479768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x4796e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x4796a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x479468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x4794a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x479428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x4795e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x479568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x4794e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007676102d 5 bytes JMP 0000000102e55001
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000076779a8c 5 bytes JMP 0000000102e53fdc
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750a11a0 5 bytes JMP 0000000102e51489
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750a11ef 5 bytes JMP 0000000102e52e14
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000768ca394 5 bytes JMP 0000000102e47b16
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!sendto 00000000764f3aed 5 bytes JMP 0000000102e545e3
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000764f3bed 5 bytes JMP 0000000102e52a61
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 00000000764f418d 5 bytes JMP 0000000102e563af
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!recv 00000000764f47df 5 bytes JMP 0000000102e53a52
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!connect 00000000764f48be 5 bytes JMP 0000000102e52574
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000764f68a7 5 bytes JMP 0000000102e535db
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000764fbb9b 5 bytes JMP 0000000102e528ea
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!recvfrom 00000000764fbf39 5 bytes JMP 0000000102e54335
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000764fc29f 5 bytes JMP 0000000102e560bb
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!send 00000000764fc4c8 5 bytes JMP 0000000102e53069
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 00000000764fe860 5 bytes JMP 0000000102e53ceb
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007650adc4 5 bytes JMP 0000000102e54b72
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9004] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076fe5bf0 5 bytes JMP 0000000102e56aa5
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0xe6b628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0xe6b668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0xe6b5a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0xe6b528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0xe6b728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0xe6b768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0xe6b6e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0xe6b6a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0xe6b468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0xe6b4a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0xe6b428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0xe6b5e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0xe6b568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0xe6b4e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076711465 2 bytes [71, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767114bb 2 bytes [71, 76]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1172:4980] 0000000076b57587
    Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1172:5020] 000000006e620cb3
    Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1172:5868] 0000000077572e3e
    Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1172:3512] 0000000077573e59
    Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1172:10560] 0000000077573e59
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5712:5860] 000007fefabe2a88

    ---- EOF - GMER 2.1 ----
     
  2. TechieRanger

    TechieRanger

    Joined:
    Nov 1, 2012
    Messages:
    505
    Hi, and welcome to our malware removal forum!

    My name is Richard and I'll be happy to help you with your computer problems.

    Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

    Please note the following:

    • The cleaning process is not instant as logs can take time to research. Sit tight and please be patient.
    • I will be working on your malware issues. This may or may not solve other issues you may have with your system.
    • While we are fixing your problems, do NOT install/re-install any programs or run any fixes or scanners unless told to do so.
    • Ensure that your anti-virus definitions are up-to-date.
    • I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
    • Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
    • During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
    • I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
    • Be sure to follow the directions and run tools/scans in the order listed.
    I will return as soon as possible with more instructions.



    Regards,

    Richard:D
     
  3. TechieRanger

    TechieRanger

    Joined:
    Nov 1, 2012
    Messages:
    505
    Could you let me know whether this is a business computer or your own personal PC? :)

    Next

    ADWCLEANER
    ----------------------------
    Download AdwCleaner from here and save it to your desktop.

    • Run AdwCleaner and select Delete.
    • Once done it will ask to reboot, allow the reboot.
    • On reboot a log will be produced, please attach the content of the log to your next reply.

    Next

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      DRIVES
      CREATERESTOREPOINT
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.

    In your next reply, please provide the following:

    • AdwCleaner log.
    • OTL log.
    • Description of how your PC is running.




    Regards,

    Richard:D
     
  4. Tracy100

    Tracy100 Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    11
    Hi Richard...

    Thanks so much for taking the time to help me out! I really appreciate it!

    I use this laptop for both personal and work use. I have full ownership of it.

    I ran those programmes like you said and I haven't noticed much of a change to my laptop's performance, except when I browse a site, say Amazon for example, and the very small transparent windows that appear on the pages have disappeared. The easylife files still seem to be present though; I can see them when I go to about:config on Firefox... when I type in easylife, 6 results appear.

    I put in a screen grab below just in case it is of use/interest to you.




    Other than these things I cannot see any differences in my computer's performance... if I notice something else soon I will reply here again.

    Here are the logs of the scans:


    OTL logfile created on: 24/02/2013 16:31:35 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracy\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    5.68 Gb Total Physical Memory | 3.41 Gb Available Physical Memory | 60.10% Memory free
    11.35 Gb Paging File | 8.95 Gb Available in Paging File | 78.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.42 Gb Total Space | 234.99 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
    Drive E: | 3.76 Gb Total Space | 3.24 Gb Free Space | 86.11% Space Free | Partition Type: FAT32

    Computer Name: TRACY1 | User Name: Tracy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Tracy\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    PRC - C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
    PRC - C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Windows\PLFSetI.exe ()
    PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
    PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
    PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Users\Tracy\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\_elementtree.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\pysqlite2._sqlite.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32com.shell.shell.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32api.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\wx._html2.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\_socket.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32ts.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\windows._cacheinvalidation.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\wx._gdi_.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\pyexpat.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32crypt.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\wx._misc_.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\pythoncom26.dll ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32security.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\PyWinTypes26.dll ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\_ctypes.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32profile.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\wx._core_.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\_ssl.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32process.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32pdh.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\_hashlib.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\wx._windows_.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\wx._wizard.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32file.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32inet.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\wx._controls_.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\win32event.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\unicodedata.pyd ()
    MOD - C:\Users\Tracy\AppData\Local\Temp\_MEI50882\select.pyd ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\libglesv2.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\libegl.dll ()
    MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll ()
    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Windows\PLFSetI.exe ()
    MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
    MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (NitroReaderDriverReadSpool3) -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Nitro PDF Software)
    SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
    SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
    SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WTService) -- C:\Windows\SysNative\atwtusb.exe ()
    SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
    SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
    SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\walvhid.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (moufiltr) -- C:\Windows\SysNative\drivers\moufiltr.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/?pid=686&r=2013/02/17&hid=882856990&lg=EN&cc=IE
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=686&r=2013/02/17&hid=882856990&lg=EN&cc=IE
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://ie.yahoo.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=686&r=2013/02/17&hid=882856990&lg=EN&cc=IE
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "EasyLife"
    FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.easylifeapp.com/?pid=686&abc=ff1&r=2013/02/17&hid=882856990&lg=EN&cc=IE&l=1&q="
    FF - prefs.js..browser.search.order.1: "EasyLife"
    FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk"
    FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
    FF - prefs.js..browser.startup.homepage: "https://www.google.ie/"
    FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10
    FF - prefs.js..extensions.enabledAddons: tiletabs%40DW-dev:8.6
    FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
    FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.3
    FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - prefs.js..keyword.URL: "http://www.google.com/search?hl=en-GB&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Tracy\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tracy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/02/14 16:24:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 08:57:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 08:57:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/03/23 18:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions
    [2013/02/24 16:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions
    [2012/12/14 21:22:28 | 000,102,559 | ---- | M] () (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions\[email protected]
    [2012/08/28 22:52:01 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
    [2013/02/12 15:41:30 | 000,013,838 | ---- | M] () (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
    [2013/01/07 14:14:49 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2013/02/21 08:43:26 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
    [2013/02/17 14:09:11 | 000,000,580 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\searchplugins\EasyLife.xml
    [2013/02/06 08:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/02/06 08:57:51 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/12/05 16:08:34 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/09/11 09:44:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/12/05 16:08:34 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/12/05 16:08:33 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/10/12 15:17:11 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/12/05 16:08:33 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Relevant-Knowledge (Enabled) = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins/rlcm.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Tracy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Webpage & WebCam Screenshot = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.3_0\
    CHR - Extension: Google Search = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
    CHR - Extension: AT_NikDaum = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfmpelgahgacpphlbdgphkeidgjeigme\2_0\
    CHR - Extension: Ajax Animator = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ginffkjapdobanedcblllenliboglpkp\1.0.2_0\
    CHR - Extension: Rummikub = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\inkiliggodjonlfmnpchdgikolcbopif\1.0.0.5_0\
    CHR - Extension: StumbleUpon = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.12.6.1_0\
    CHR - Extension: Gmail = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Astrid Tasks = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmjlnfgnkpknjgkpohcgoeiakkbofpjo\1.1.13_0\

    O1 HOSTS File: ([2012/11/26 20:27:12 | 000,001,805 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\Program Files (x86)\Flash2X\Flash Player\FlashPlayer.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\ACROBAT\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" File not found
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Tracy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [GoogleChromeAutoLaunch_01CA19FABFA3145EF0091BC706EED4AD] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [googletalk] C:\Users\Tracy\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - Startup: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093B5DA7-BFCE-4049-87E0-231D76686F2F}: DhcpNameServer = 10.10.0.44 10.10.0.45
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E1FE7A1-61FD-4354-B79A-6AA7618467F7}: NameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6EC42EA-8168-4075-8C55-F89EE9940DA0}: NameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD13919F-DF61-4BFD-9DE2-9C32EE1C8D7F}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{438a8745-4379-11e2-979e-90a4de28483e}\Shell - "" = AutoRun
    O33 - MountPoints2\{438a8745-4379-11e2-979e-90a4de28483e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{ad1a7f41-4300-11e2-8b99-206a8a376313}\Shell - "" = AutoRun
    O33 - MountPoints2\{ad1a7f41-4300-11e2-8b99-206a8a376313}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{ad1a7f52-4300-11e2-8b99-206a8a376313}\Shell - "" = AutoRun
    O33 - MountPoints2\{ad1a7f52-4300-11e2-8b99-206a8a376313}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/22 14:38:47 | 000,000,000 | ---D | C] -- C:\Users\Tracy\Desktop\Viclarity glitch
    [2013/02/21 12:51:49 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2013/02/21 12:44:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/21 12:43:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/02/21 12:43:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2013/02/21 12:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/02/20 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Nitro PDF
    [2013/02/19 16:04:57 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\NCdownloader
    [2013/02/17 14:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
    [2013/02/17 14:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife
    [2013/02/15 14:08:43 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\PrimoPDF
    [2013/02/15 14:07:51 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Nitro
    [2013/02/15 14:07:51 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\FileOpen
    [2013/02/15 14:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
    [2013/02/15 13:53:37 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
    [2013/02/15 13:53:37 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
    [2013/02/15 13:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
    [2013/02/15 13:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
    [2013/02/15 13:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
    [2013/02/15 13:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
    [2013/02/15 13:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
    [2013/02/15 13:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
    [2013/02/15 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\Adobe
    [2013/02/14 19:28:03 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\PDAppFlex
    [2013/02/14 15:06:37 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Adobe
    [2013/02/13 11:29:26 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/13 11:29:24 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/02/13 11:29:24 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/02/13 11:29:04 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/13 11:29:02 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/02/13 11:29:02 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/02/13 11:29:02 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/02/13 11:29:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/02/13 11:29:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/02/13 11:29:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/02/13 11:29:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/02/13 11:29:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/02/13 11:29:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/02/13 11:29:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/02/13 11:29:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/02/13 11:29:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/02/13 11:29:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/02/13 11:29:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/02/13 11:28:32 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013/02/13 11:28:32 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013/02/13 11:28:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/02/13 11:28:32 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/02/13 11:28:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013/02/13 11:28:31 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/02/13 11:28:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/02/13 11:28:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/02/13 11:28:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/02/13 11:28:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/02/13 11:28:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/02/13 11:28:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/02/13 11:28:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/02/13 11:28:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/02/13 11:28:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013/02/13 11:28:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/02/13 11:28:27 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013/02/13 11:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/02/12 09:28:33 | 000,120,320 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMILE.DLL
    [2013/02/12 09:28:31 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBILE.DLL
    [2013/02/10 19:02:51 | 000,000,000 | ---D | C] -- C:\Users\Tracy\Documents\window
    [2013/02/10 19:02:01 | 000,000,000 | ---D | C] -- C:\Users\Tracy\Documents\Windows Movie Maker
    [2013/02/10 18:35:21 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\{CCA997F0-A9BC-4450-A3F6-587CD9E96F62}
    [2013/02/06 08:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/02/04 11:51:44 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
    [2013/02/04 11:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2013/02/04 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\Citrix
    [2013/01/31 11:12:07 | 000,000,000 | ---D | C] -- C:\Users\Tracy\Desktop\Adobe Acrobat XI
    [2013/01/31 11:09:12 | 000,000,000 | ---D | C] -- C:\Users\Tracy\Desktop\ADOBE_ACROBAT_XI_PRO_MULTI-XFORCE
    [2013/01/31 11:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2013/01/29 17:42:26 | 000,000,000 | ---D | C] -- C:\Users\Tracy\Desktop\New folder
    [2013/01/26 17:31:45 | 000,000,000 | ---D | C] -- C:\Users\Tracy\Documents\Fragments
    [1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/24 16:31:09 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/24 16:31:09 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/24 16:23:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/24 16:23:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/24 16:22:41 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
    [2013/02/24 16:22:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/24 16:22:30 | 276,115,455 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/24 16:20:48 | 000,000,108 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/24 15:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/24 15:24:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2481750509-1763966615-1250076404-1001UA.job
    [2013/02/24 15:24:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2481750509-1763966615-1250076404-1001Core.job
    [2013/02/24 14:44:11 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/02/22 10:42:47 | 000,000,132 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2013/02/22 09:44:22 | 000,038,069 | ---- | M] () -- C:\Users\Tracy\Desktop\haus-steht-kopf.jpg
    [2013/02/22 09:02:26 | 000,002,287 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/02/21 16:40:39 | 001,655,136 | ---- | M] () -- C:\Users\Tracy\Desktop\Sample homepage4.jpg
    [2013/02/21 16:40:06 | 035,005,066 | ---- | M] () -- C:\Users\Tracy\Desktop\Sample homepage4.psd
    [2013/02/21 16:16:56 | 001,863,498 | ---- | M] () -- C:\Users\Tracy\Desktop\Sample homepage3.jpg
    [2013/02/21 16:14:56 | 036,226,035 | ---- | M] () -- C:\Users\Tracy\Desktop\Sample homepage3.psd
    [2013/02/21 09:27:04 | 002,268,104 | ---- | M] () -- C:\Users\Tracy\Desktop\how_to_use_pinterest_for_business-01.pdf
    [2013/02/21 09:26:57 | 001,475,018 | ---- | M] () -- C:\Users\Tracy\Desktop\Introduction-to-SEO-eBook.pdf
    [2013/02/20 17:07:59 | 004,504,354 | ---- | M] () -- C:\Users\Tracy\Desktop\sample homepage 2.jpg
    [2013/02/20 17:07:35 | 017,994,561 | ---- | M] () -- C:\Users\Tracy\Desktop\sample homepage 2.psd
    [2013/02/20 16:25:35 | 018,195,232 | ---- | M] () -- C:\Users\Tracy\Desktop\sample homepage.psd
    [2013/02/20 16:21:53 | 005,152,074 | ---- | M] () -- C:\Users\Tracy\Desktop\sample homepage.jpg
    [2013/02/19 23:21:05 | 000,765,218 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/02/19 23:21:05 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/19 23:21:05 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/19 23:21:00 | 000,765,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/17 22:10:12 | 000,251,925 | ---- | M] () -- C:\Users\Tracy\Desktop\data.png
    [2013/02/17 21:38:36 | 000,093,189 | ---- | M] () -- C:\Users\Tracy\Desktop\65946ff378717d4ae8550c1b5b20f835.jpg
    [2013/02/17 20:56:38 | 000,051,463 | ---- | M] () -- C:\Users\Tracy\Desktop\183091_10150104097547713_392737_n.jpg
    [2013/02/17 20:52:25 | 000,033,863 | ---- | M] () -- C:\Users\Tracy\Desktop\308654df1cc0e2d9c842419d1e4b6285.jpg
    [2013/02/17 20:49:46 | 000,155,894 | ---- | M] () -- C:\Users\Tracy\Desktop\4d6f8b516441987cd8fda9aa29b3669c.jpg
    [2013/02/16 22:23:46 | 000,044,527 | ---- | M] () -- C:\Users\Tracy\Desktop\kc106-000_9.jpg
    [2013/02/15 13:53:33 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
    [2013/02/15 13:46:12 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
    [2013/02/15 13:46:07 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
    [2013/02/15 08:25:08 | 013,219,988 | ---- | M] () -- C:\Users\Tracy\Desktop\viclarity3.wav
    [2013/02/14 20:19:47 | 000,049,879 | ---- | M] () -- C:\Users\Tracy\Documents\Donal2.wma
    [2013/02/14 20:18:43 | 000,031,919 | ---- | M] () -- C:\Users\Tracy\Desktop\Donal Scannel.wma
    [2013/02/14 20:17:39 | 000,031,919 | ---- | M] () -- C:\Users\Tracy\Documents\Donal 1.wma
    [2013/02/14 20:17:01 | 000,031,919 | ---- | M] () -- C:\Users\Tracy\Desktop\Donal.wma
    [2013/02/14 19:55:25 | 013,201,746 | ---- | M] () -- C:\Users\Tracy\Desktop\viclarity2.wav
    [2013/02/14 19:38:22 | 001,141,962 | ---- | M] () -- C:\Users\Tracy\Desktop\Risk Management Paul V5-1.pdf
    [2013/02/14 19:21:53 | 005,011,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/14 16:27:23 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
    [2013/02/14 16:27:22 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
    [2013/02/12 17:01:00 | 000,215,615 | ---- | M] () -- C:\Users\Tracy\Desktop\ViClarityStand-Proof.jpg
    [2013/02/12 09:29:53 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\Network Guide EPSON XP-205 207 Series.lnk
    [2013/02/12 09:29:42 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\User's Guide EPSON XP-205 207 Series.lnk
    [2013/02/12 09:28:06 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2013/02/11 08:56:17 | 000,000,963 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
    [2013/02/08 13:03:01 | 000,085,065 | ---- | M] () -- C:\Users\Tracy\Desktop\videos.jpg
    [2013/02/08 12:59:36 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/08 12:59:36 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/08 12:54:38 | 000,073,594 | ---- | M] () -- C:\Users\Tracy\Desktop\wordpress.jpg
    [2013/02/07 16:45:33 | 000,000,112 | -H-- | M] () -- C:\B2269A398CA7
    [2013/02/06 11:21:04 | 001,692,603 | ---- | M] () -- C:\Users\Tracy\Desktop\Untitled-1.jpg
    [2013/02/06 08:44:20 | 013,487,996 | ---- | M] () -- C:\Users\Tracy\Desktop\viclarity_b (1).wav
    [2013/02/04 11:51:44 | 000,001,380 | ---- | M] () -- C:\Users\Tracy\Desktop\GoToMeeting.lnk
    [2013/02/01 16:07:05 | 000,908,639 | ---- | M] () -- C:\Users\Tracy\Desktop\Corporate Governance Paper - 4 November (3) Amended 23 Feb 2011.pdf
    [2013/02/01 11:46:28 | 000,000,112 | -H-- | M] () -- C:\BBE5D4D1340F
    [2013/02/01 11:46:28 | 000,000,112 | -H-- | M] () -- C:\4BA50CC0126D
    [2013/02/01 11:46:28 | 000,000,040 | -H-- | M] () -- C:\37DE66D910DB
    [2013/01/26 16:48:25 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/24 16:20:16 | 000,000,108 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/22 09:44:21 | 000,038,069 | ---- | C] () -- C:\Users\Tracy\Desktop\haus-steht-kopf.jpg
    [2013/02/21 16:40:36 | 001,655,136 | ---- | C] () -- C:\Users\Tracy\Desktop\Sample homepage4.jpg
    [2013/02/21 16:40:03 | 035,005,066 | ---- | C] () -- C:\Users\Tracy\Desktop\Sample homepage4.psd
    [2013/02/21 16:16:53 | 001,863,498 | ---- | C] () -- C:\Users\Tracy\Desktop\Sample homepage3.jpg
    [2013/02/21 16:14:52 | 036,226,035 | ---- | C] () -- C:\Users\Tracy\Desktop\Sample homepage3.psd
    [2013/02/21 12:27:33 | 000,002,287 | ---- | C] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/02/21 12:27:33 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/02/21 09:27:04 | 002,268,104 | ---- | C] () -- C:\Users\Tracy\Desktop\how_to_use_pinterest_for_business-01.pdf
    [2013/02/21 09:26:56 | 001,475,018 | ---- | C] () -- C:\Users\Tracy\Desktop\Introduction-to-SEO-eBook.pdf
    [2013/02/20 17:07:56 | 004,504,354 | ---- | C] () -- C:\Users\Tracy\Desktop\sample homepage 2.jpg
    [2013/02/20 17:07:33 | 017,994,561 | ---- | C] () -- C:\Users\Tracy\Desktop\sample homepage 2.psd
    [2013/02/20 16:03:32 | 005,152,074 | ---- | C] () -- C:\Users\Tracy\Desktop\sample homepage.jpg
    [2013/02/20 16:03:24 | 018,195,232 | ---- | C] () -- C:\Users\Tracy\Desktop\sample homepage.psd
    [2013/02/17 22:10:12 | 000,251,925 | ---- | C] () -- C:\Users\Tracy\Desktop\data.png
    [2013/02/17 21:38:36 | 000,093,189 | ---- | C] () -- C:\Users\Tracy\Desktop\65946ff378717d4ae8550c1b5b20f835.jpg
    [2013/02/17 20:56:37 | 000,051,463 | ---- | C] () -- C:\Users\Tracy\Desktop\183091_10150104097547713_392737_n.jpg
    [2013/02/17 20:52:24 | 000,033,863 | ---- | C] () -- C:\Users\Tracy\Desktop\308654df1cc0e2d9c842419d1e4b6285.jpg
    [2013/02/17 20:49:45 | 000,155,894 | ---- | C] () -- C:\Users\Tracy\Desktop\4d6f8b516441987cd8fda9aa29b3669c.jpg
    [2013/02/16 22:23:45 | 000,044,527 | ---- | C] () -- C:\Users\Tracy\Desktop\kc106-000_9.jpg
    [2013/02/15 13:53:33 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
    [2013/02/15 13:53:32 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
    [2013/02/15 13:46:12 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
    [2013/02/15 13:46:08 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
    [2013/02/15 08:24:34 | 013,219,988 | ---- | C] () -- C:\Users\Tracy\Desktop\viclarity3.wav
    [2013/02/14 20:19:47 | 000,049,879 | ---- | C] () -- C:\Users\Tracy\Documents\Donal2.wma
    [2013/02/14 20:18:43 | 000,031,919 | ---- | C] () -- C:\Users\Tracy\Desktop\Donal Scannel.wma
    [2013/02/14 20:17:38 | 000,031,919 | ---- | C] () -- C:\Users\Tracy\Documents\Donal 1.wma
    [2013/02/14 20:17:01 | 000,031,919 | ---- | C] () -- C:\Users\Tracy\Desktop\Donal.wma
    [2013/02/14 19:52:00 | 013,201,746 | ---- | C] () -- C:\Users\Tracy\Desktop\viclarity2.wav
    [2013/02/14 19:38:18 | 001,141,962 | ---- | C] () -- C:\Users\Tracy\Desktop\Risk Management Paul V5-1.pdf
    [2013/02/14 16:27:23 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
    [2013/02/14 16:27:22 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
    [2013/02/14 16:27:22 | 000,002,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
    [2013/02/14 16:27:22 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
    [2013/02/14 16:27:22 | 000,002,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
    [2013/02/12 17:00:59 | 000,215,615 | ---- | C] () -- C:\Users\Tracy\Desktop\ViClarityStand-Proof.jpg
    [2013/02/12 09:29:53 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\Network Guide EPSON XP-205 207 Series.lnk
    [2013/02/12 09:29:42 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\User's Guide EPSON XP-205 207 Series.lnk
    [2013/02/08 13:03:01 | 000,085,065 | ---- | C] () -- C:\Users\Tracy\Desktop\videos.jpg
    [2013/02/08 12:54:37 | 000,073,594 | ---- | C] () -- C:\Users\Tracy\Desktop\wordpress.jpg
    [2013/02/07 16:45:33 | 000,000,112 | -H-- | C] () -- C:\B2269A398CA7
    [2013/02/06 11:21:00 | 001,692,603 | ---- | C] () -- C:\Users\Tracy\Desktop\Untitled-1.jpg
    [2013/02/06 08:43:38 | 013,487,996 | ---- | C] () -- C:\Users\Tracy\Desktop\viclarity_b (1).wav
    [2013/02/04 11:51:44 | 000,001,380 | ---- | C] () -- C:\Users\Tracy\Desktop\GoToMeeting.lnk
    [2013/02/01 16:07:05 | 000,908,639 | ---- | C] () -- C:\Users\Tracy\Desktop\Corporate Governance Paper - 4 November (3) Amended 23 Feb 2011.pdf
    [2013/02/01 11:46:28 | 000,000,112 | -H-- | C] () -- C:\BBE5D4D1340F
    [2013/02/01 11:46:28 | 000,000,112 | -H-- | C] () -- C:\4BA50CC0126D
    [2013/02/01 11:46:28 | 000,000,040 | -H-- | C] () -- C:\37DE66D910DB
    [2013/01/23 09:23:30 | 000,000,132 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2013/01/18 17:03:36 | 000,007,168 | ---- | C] () -- C:\Users\Tracy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/08/19 18:53:16 | 000,001,456 | ---- | C] () -- C:\Users\Tracy\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/02/28 19:54:10 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2012/02/28 19:54:10 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2012/02/21 16:17:53 | 000,000,132 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011/12/06 10:43:11 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/12/06 10:20:17 | 000,008,229 | ---- | C] () -- C:\Windows\aiptbl.ini
    [2011/07/01 22:36:57 | 000,765,218 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/25 01:56:19 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2011/03/25 01:49:26 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/03/25 01:49:26 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2011/03/25 01:49:26 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2011/03/25 01:49:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011/03/25 01:49:25 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2011/03/25 01:48:53 | 000,001,705 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2011/03/24 18:12:09 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2011/03/24 18:12:09 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2011/03/24 18:12:09 | 000,000,321 | ---- | C] () -- C:\Windows\PidList_C.ini
    [2010/11/19 03:57:51 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/24 16:33:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Aleo Software
    [2012/12/15 19:34:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AVG2013
    [2011/09/26 14:19:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
    [2011/07/17 17:19:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/11/26 16:13:06 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/01/18 16:55:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.prezi.PreziDesktop
    [2013/02/11 18:09:09 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Epson
    [2013/02/15 14:07:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FileOpen
    [2012/01/05 11:22:13 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Leawo
    [2011/12/09 17:11:47 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LEGO Company
    [2013/02/19 16:04:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\NCdownloader
    [2013/02/15 14:07:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Nitro
    [2013/02/20 14:25:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Nitro PDF
    [2012/04/21 11:24:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PandoraRecovery
    [2013/02/14 19:28:03 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PDAppFlex
    [2013/02/15 14:08:43 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PrimoPDF
    [2011/09/30 19:12:58 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SecondLife
    [2011/07/01 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SoftGrid Client
    [2012/11/30 10:10:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TechSmith
    [2012/01/05 11:24:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\tiger-k
    [2011/07/01 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TP
    [2012/12/15 19:21:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TuneUp Software
    [2013/01/17 15:11:47 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Yammer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
    [2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2010/11/19 03:10:57 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/19 02:59:32 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/19 03:10:57 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2010/11/19 02:59:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/19 03:10:57 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2010/11/19 02:59:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2010/11/19 03:10:57 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2010/11/19 02:59:32 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
    [2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2010/11/19 03:10:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2010/11/19 03:10:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
    [2010/11/19 03:10:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD6400BEVT-22A0RT0
    Partitions: 3
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
    Interface type: USB
    Media Type: Removable Media
    Model: USB Disk
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 15.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 15729688576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 581.00GB
    Starting Offset: 15834546176
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 4.00GB
    Starting Offset: 4194304
    Hidden sectors: 0


    ========== Files - Unicode (All) ==========
    [2012/08/28 23:24:40 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?Â) -- C:\Windows\SysNative\&#50096;Â
    [2012/08/28 23:24:39 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?Â) -- C:\Windows\SysNative\&#50096;Â
    [2012/07/16 22:31:51 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\??) -- C:\Windows\SysNative\&#50096;&#154;
    [2012/07/16 22:31:51 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\??) -- C:\Windows\SysNative\&#50096;&#154;

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4D066AD2
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

    < End of report >


    OTL Extras logfile created on: 24/02/2013 16:31:35 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracy\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    5.68 Gb Total Physical Memory | 3.41 Gb Available Physical Memory | 60.10% Memory free
    11.35 Gb Paging File | 8.95 Gb Available in Paging File | 78.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.42 Gb Total Space | 234.99 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
    Drive E: | 3.76 Gb Total Space | 3.24 Gb Free Space | 86.11% Space Free | Partition Type: FAT32

    Computer Name: TRACY1 | User Name: Tracy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{15376E1A-75CC-4D02-9FED-6590B2B092F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{160B1A06-3FB5-449A-91E2-81DA2ED2CF90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{28ABF4B6-2962-4481-88B6-E23D951084B5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2DEAA04C-078D-4FA3-B5EE-0516B7E10E35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{63236C0E-6577-4100-86E4-BCEBCFFC49BA}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6D187FF7-017A-493B-BD0C-F764EF487D70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6EE04AB8-D7D2-44C6-B626-DFDCCE9291AF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{75529653-6D49-4692-B9B1-46C10DF69756}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8CF38E9F-9515-44FB-95E5-A66A5DF50C9D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8FB6B769-826A-4B2E-96C1-DF93ADEB761F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{97A46360-9AEA-4F4E-B3B4-939D804609E2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{99670C62-75AB-44F2-A387-F117F2F69F8D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9D7BD6E0-9ED4-4926-8401-3089D7A6BE0B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A7962555-F9F4-4943-B492-EF7ECEDAE82B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AB83132B-3715-4D97-810A-AAA2B5524D2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{ADB671D2-C0CA-4690-A74E-B906898D1593}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AE775989-B03F-42CA-859E-C579FAD88B87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B20587D7-9A14-45F6-ABD3-F69B9B615E0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B69A3036-C24E-428F-925A-86015B54FC07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{BFC48868-2BF6-4AC9-9E56-C82B8E2F499B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E44EF3F1-AEFA-4D03-97EC-AE7C633DE0B6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E67D0525-9406-4E4A-AB46-5F8C70B8020B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EB793147-B55C-431A-9735-7CC725B9B3FA}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F09C6E24-923A-4B63-A383-EF9CDC6D97C6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FB62FC71-2174-4C63-9A9F-5584DE3159AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{FD910834-59BA-41EE-8BA8-442534FD1A14}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03188DBE-EBCD-4C20-BD3A-DD56C9F50F7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{04ACFC1F-0472-444F-A2BA-8067786E2DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{04BA7C60-BD12-454C-988D-CB22D502872D}" = protocol=6 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe |
    "{08258190-D948-4CAE-9DF8-7C583851E8D4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{0866CDAA-EDF2-4D43-878C-0F630AAB7175}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{09473508-12CD-4B07-BE97-14A27577B8F4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{0D51BF34-FA21-4A3D-8C46-A13F8C76B665}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0EBE9824-D009-487F-91E6-DA82D8853D67}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{1321D838-B670-4AAB-B316-D1EBFC8E7B80}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{148E8D97-FC1C-41A4-80AF-358FBEA7276C}" = protocol=58 | dir=out | [email protected],-28546 |
    "{18411596-9EEC-466B-8D72-0C8490E44F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{1883D411-7EC7-4E72-9CE8-A2B73CC32E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
    "{1D162C0E-4783-4B00-BF33-D515DF41D3A6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{24AE9A82-F358-4031-A379-3D829DE38693}" = protocol=17 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe |
    "{2987D715-2C46-4EB7-B958-E822BDE7EA84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2FAB7F8B-4311-4916-A112-A784442F941F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{3088F91E-29C2-4065-AC0C-90A126908BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
    "{31A18812-A6A8-4855-A22D-1855EE3503CC}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
    "{335CDC96-66ED-4026-96CD-A4DB5006CF52}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{34AB455E-7375-4AF4-9BD1-E6A695EAF168}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{387071A9-6FF4-405A-AB73-D4BD3E69BBC0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{398203DA-20FD-4173-B9B7-A3BD5608D013}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3B199B40-162A-447D-91E5-5D67E5605AAE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{3DC07E41-FE09-4EA0-89A2-AB514B21F825}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{4074498A-BEB1-43BB-B938-1DD35EF9C412}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{4084408C-7C25-4F83-9222-347E9620CA0B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{4133BCEA-CF36-4CA6-91FF-490BA2C85C28}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4207B47A-C0AD-4A48-8BFB-525CAD43D3D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{4B53C515-5E66-44A0-83E4-4EDAA34E9729}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{52BE3AB9-6E23-432D-BC28-5063EA73C888}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{566DAE26-E236-461A-AB8A-453470D0223E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5CEF5142-0D6B-4A1D-B104-6650C6488515}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{5CFB3A8A-9273-4473-857A-B5E739E15CB4}" = protocol=6 | dir=out | app=system |
    "{63554F39-0AEA-47FD-AA1B-1409F07D1920}" = protocol=58 | dir=in | [email protected],-28545 |
    "{6C672EEB-F617-43B1-B40B-0947740B254D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{6E95A8FF-CEBC-4079-88E1-9108BB4FDFCF}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{70544B32-C709-477A-B4A9-CA6E94E4460D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{78FB959A-F6D8-4E05-98E3-B66CF1F989FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8A92D7C4-F83F-4254-ABEB-494AA033B2F5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{8BF0007A-7AA6-46A5-940F-A309E3A4B32C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{8E3174D1-860D-4FAD-A36E-3EA3DB886F85}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{8EA9041D-352C-43B4-ADD8-E6C1BDC4FEE9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{912DC427-FDD1-4F74-86EB-B9E7BAB6653C}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
    "{926C4F12-99B5-42CC-A06A-76BE0557C59E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{9296F18D-9768-459F-BDF1-826C0906D50A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{97ACEEFC-C48D-4A44-A6CC-FF37787DA1F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{9BA8B30F-A15D-4E21-BD79-742EB466F1A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A181AEDF-E2C2-474C-9AFD-966BBBD78E87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AEB81B8A-08E0-4DB9-B470-943799CEE838}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
    "{B0FDA6FD-FFB7-4ADE-B57E-72C75DC9B49E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B1B5A62E-5E79-4E24-9516-0CA1A772382A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B1F074A3-99AC-4FAF-AE6E-6A4C71327DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{B4701533-77BF-48F9-A1B8-6CC0BAE89E46}" = dir=in | app=c:\users\tracy\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{B49C56C9-04FF-497F-87C8-CEB069CBDE85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{B98F2776-F853-4276-84B1-2146BD86F99D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{BF51B109-2613-4DC7-BE28-65D7AC752188}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{C7E170A7-C19F-4E32-B342-DAC94A52943D}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
    "{DAF72F4B-E913-452C-BCD5-F5DCBE27D251}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{DB0D7C2A-3985-4A4A-8657-38F479E2F669}" = protocol=1 | dir=in | [email protected],-28543 |
    "{E07E2501-323F-41F2-9C60-1F29E51A87BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E9BE28A1-ACBE-49E0-9FAE-81B84B471D98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EF0E4762-C121-4827-AE78-465369652242}" = protocol=1 | dir=out | [email protected],-28544 |
    "{F1772E87-4FA4-4435-BEAF-BAA30DADCE18}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{F49AC23C-91F0-45B5-A350-277E16AB34BA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{F4CDA6D6-307C-4CD1-B419-D581F4DF3007}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F8BDE8BF-82AB-4729-8E37-CE9997651812}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FA90F8C7-64D0-4018-B4D8-26B682D9FBEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{22ED43A9-ECD2-4E8D-B8CF-0C8FD1C25F2F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{52268031-9D9E-4D63-B05A-1E02543B8202}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{57BAC338-C6FD-4E7E-8B2E-B0B2A841EF2E}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
    "TCP Query User{66AFED31-3620-4AC5-B213-E824192D1ECF}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe |
    "TCP Query User{6A452CA4-200C-4147-BDED-FC4C656FE345}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe |
    "TCP Query User{9F7FC054-FE43-46D2-9940-EE8CFB2209D2}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{A2F6B395-4A14-4769-8B7B-8445C43E0F32}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{EC748161-E7A6-4E7A-BF9C-558BACD11613}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
    "TCP Query User{F09AF48D-59DB-4EA8-9461-41AD6F87808F}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |
    "UDP Query User{0E642DAD-2D36-4A1C-87A0-926727FE3E83}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{28B9CC6E-2582-43C6-B217-A68083E91B2D}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
    "UDP Query User{29F16CF3-34E7-4974-8B98-2850158AB55C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{5DFDE98D-6265-4C14-8A0C-8F8D247BF2CA}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{87371653-9E8F-4E45-B155-E610A4AB036D}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
    "UDP Query User{8C2B9BB5-0578-449D-A06E-7A7E33A8BA58}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{9EC1BC3D-ACFB-45BE-8B70-4F825C974609}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe |
    "UDP Query User{B380D459-0387-42F9-ADDC-E6AB98154131}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe |
    "UDP Query User{F0B247B4-EDE2-4B4A-B987-C62C63D51B0B}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{3C1F302A-CC25-488D-9C24-A76B95BC916F}" = Nitro Reader 3
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
    "AVG" = AVG 2013
    "EPSON XP-205 207 Series" = EPSON XP-205 207 Series Printer Uninstall
    "EPSON XP-302 303 305 306 Series" = EPSON XP-302 303 305 306 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
    "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
    "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{14021E77-2FC1-4972-8C51-08808CD62838}_is1" = Leawo MP4 Converter version 5.0.0.0
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
    "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2EB28256-1D66-49F1-AF66-691BF9A27C79}" = Camtasia Studio 8
    "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
    "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6AB3FD47-7FF0-4BDA-B61D-702330C561B5}" = Facebook Video Calling 1.0.0.7367
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
    "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
    "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
    "{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
    "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
    "{BB42C935-456E-4A6C-B357-FDEE7A59FE21}" = exPressit SE
    "{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
    "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C38FC27A-C586-44F6-A47D-6193FB3024AB}" = Prezi Desktop
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
    "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.199.107
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECCF7B94-E936-34F2-07D7-AFFD0FAAA387}" = Balsamiq Mockups For Desktop
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "EPSON Scanner" = EPSON Scan
    "EPSON XP-205 207 Series Netg" = Network Guide EPSON XP-205 207 Series
    "EPSON XP-205 207 Series Useg" = User's Guide EPSON XP-205 207 Series
    "EPSON XP-302 303 305 306 Series Bog" = Basic Operation Guide EPSON XP-302 303 305 306 Series
    "EPSON XP-302 303 305 306 Series Netg" = Network Guide EPSON XP-302 303 305 306 Series
    "EPSON XP-302 303 305 306 Series Useg" = User's Guide EPSON XP-302 303 305 306 Series
    "Flash2X Flash Player_is1" = Flash2X Flash Player version 3.0.2
    "Google Chrome" = Google Chrome
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "LManager" = Launch Manager
    "Mozilla Firefox 18.0.2 (x86 en-GB)" = Mozilla Firefox 18.0.2 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "O2 Broadband" = O2 Broadband
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PandoraRecovery" = PandoraRecovery (Remove Only)
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "SP_f2a323db" = BrowseToSave 1.74
    "VLC media player" = VLC media player 0.9.8a
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "GoToMeeting" = GoToMeeting 5.4.0.1082

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 18/10/2012 00:47:06 | Computer Name = Tracy1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 23945717

    Error - 18/10/2012 00:47:07 | Computer Name = Tracy1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 18/10/2012 00:47:07 | Computer Name = Tracy1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 23946887

    Error - 18/10/2012 00:47:07 | Computer Name = Tracy1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 23946887

    Error - 18/10/2012 00:47:08 | Computer Name = Tracy1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 18/10/2012 00:47:08 | Computer Name = Tracy1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 23947885

    Error - 18/10/2012 00:47:08 | Computer Name = Tracy1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 23947885

    Error - 18/10/2012 00:47:15 | Computer Name = Tracy1 | Source = Google Update | ID = 20
    Description =

    Error - 19/10/2012 14:07:58 | Computer Name = Tracy1 | Source = Google Update | ID = 20
    Description =

    Error - 21/10/2012 14:00:01 | Computer Name = Tracy1 | Source = Windows Backup | ID = 4103
    Description =

    [ System Events ]
    Error - 22/02/2013 05:04:00 | Computer Name = Tracy1 | Source = Service Control Manager | ID = 7022
    Description = The Windows Search service hung on starting.

    Error - 22/02/2013 05:06:30 | Computer Name = Tracy1 | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.

    Error - 22/02/2013 13:57:26 | Computer Name = Tracy1 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 23/02/2013 12:49:45 | Computer Name = Tracy1 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 23/02/2013 12:49:58 | Computer Name = Tracy1 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/02/2013 10:56:59 | Computer Name = Tracy1 | Source = BROWSER | ID = 8032
    Description =

    Error - 24/02/2013 11:45:03 | Computer Name = Tracy1 | Source = bowser | ID = 8003
    Description =

    Error - 24/02/2013 12:21:20 | Computer Name = Tracy1 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/02/2013 12:22:43 | Computer Name = Tracy1 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/02/2013 12:22:51 | Computer Name = Tracy1 | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5


    < End of report >



    # AdwCleaner v2.113 - Logfile created 02/24/2013 at 16:20:07
    # Updated 23/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Tracy - TRACY1
    # Boot Mode : Normal
    # Running from : C:\Users\Tracy\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : RelevantKnowledge

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\RelevantKnowledge
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Browse2save
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
    Folder Deleted : C:\ProgramData\RightClick
    Folder Deleted : C:\Users\Tracy\AppData\Local\Babylon
    Folder Deleted : C:\Users\Tracy\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Tracy\AppData\LocalLow\Browse2save
    Folder Deleted : C:\Users\Tracy\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\extensions\[email protected]
    Folder Deleted : C:\Users\Tracy\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\Tracy\AppData\Roaming\yourfiledownloader

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\sprote~1.dll
    Key Deleted : HKCU\Software\AppDataLow\SProtector
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D10CE1F-A14A-7463-F326-8F0C6A8BEA5F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D10CE1F-A14A-7463-F326-8F0C6A8BEA5F}
    Key Deleted : HKCU\Software\YourFileDownloader
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D10CE1F-A14A-7463-F326-8F0C6A8BEA5F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D10CE1F-A14A-7463-F326-8F0C6A8BEA5F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
    Key Deleted : HKLM\Software\YourFileDownloader

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.17197

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-GB)

    File : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\prefs.js

    Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Deleted : user_pref("aol_toolbar.default.search.check", false);
    Deleted : user_pref("extensions.5120eb1406d6c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
    Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "EasyLife");
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife");
    Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=6[...]
    Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=686&abc=ff1&r=[...]
    Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

    -\\ Google Chrome v25.0.1364.97

    File : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [4258 octets] - [24/02/2013 16:20:07]

    ########## EOF - C:\AdwCleaner[S1].txt - [4318 octets] ##########
     
  5. TechieRanger

    Thanks for the update.:)(y)

    ComboFix is a very powerful tool. It is not recommended to run ComboFix without expert guidance.

    If a ComboFix log was produced, please post that.

    ComboFix logs are located at c:\ComboFix.txt, while older logs are at c:\qoobox\ComboFix2.txt, c:\qoobox\ComboFix3.txt, etc.

    Next

    Please go to VirusTotal.

    • Click Choose File and browse to the file listed below in bold and click Scan it!.

      C:\B2269A398CA7
    • There might be a short wait.
    • Select Reanalyse file and post back with the results of the scan.
    • Do the same for:

      C:\BBE5D4D1340F
      C:\4BA50CC0126D
      C:\37DE66D910DB

    Next

    Please run OTL.exe.

    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL 
    FF - prefs.js..browser.search.defaultenginename: "EasyLife"
    FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
    FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
    FF - prefs.js..browser.search.defaulturl:  "http://search.easylifeapp.com/?pid=686&abc=ff1&r=2013/02/17&hid=882856990&lg=EN&cc=IE&l=1&q="
    FF - prefs.js..browser.search.order.1: "EasyLife"
    FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
    [2013/02/17 14:09:11 | 000,000,580 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\searchplugins\EasyLife.xml 
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
    O4:64bit: - HKLM..\Run: [] File not found 
    O4 - Startup: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = File not found 
    O4 - HKLM..\Run: [] File not found 
    O33 - MountPoints2\{438a8745-4379-11e2-979e-90a4de28483e}\Shell - "" = AutoRun 
    O33 - MountPoints2\{438a8745-4379-11e2-979e-90a4de28483e}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
    O33 - MountPoints2\{ad1a7f41-4300-11e2-8b99-206a8a376313}\Shell - "" = AutoRun 
    O33 - MountPoints2\{ad1a7f41-4300-11e2-8b99-206a8a376313}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
    O33 - MountPoints2\{ad1a7f52-4300-11e2-8b99-206a8a376313}\Shell - "" = AutoRun 
    O33 - MountPoints2\{ad1a7f52-4300-11e2-8b99-206a8a376313}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
    [2013/01/17 15:11:47 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Yammer 
    [2013/02/17 14:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife 
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4D066AD2 
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE 
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D 
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0 
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 
     
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot when it is done.
    • Then post the results of the log it produces.

    In your next reply, please provide the following:

    • ComboFix log.
    • VirusTotal results.
    • OTL Fix log.
    • Description of how your PC is running.




    Regards,

    Richard:D
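
A read-only check for the Firefox preferences targeted by the OTL script above, as an added example that is not part of the original posts or of any tool used in this thread: it parses a prefs.js and reports search and homepage preferences that still point outside an allowlist. The sample file is constructed from values shown in the logs, and the function names and the allowlist are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Matches one prefs.js line of the form: user_pref("key", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*)\)\s*;\s*$')

# Preferences a search hijacker rewrites. The browser.search.* keys appear in
# the OTL script; homepage and keyword.URL are mirrored by the
# sweetim.toolbar.previous.* entries in the AdwCleaner log.
NAME_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
}
URL_PREFS = {
    "browser.search.defaulturl",
    "browser.startup.homepage",
    "keyword.URL",
}
# Key prefixes of the entries AdwCleaner deleted in the log above.
TOOLBAR_PREFIXES = ("sweetim.toolbar.", "extensions.BabylonToolbar.", "aol_toolbar.")

# Constructed sample input (not a real profile); values reuse names from the logs.
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "EasyLife");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.defaulturl", "http://search.easylifeapp.com/?pid=686&q=");
user_pref("browser.startup.homepage", "about:home|https://www.google.com/");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("browser.download.useDownloadDir", false);
'''


def parse_user_prefs(text):
    """Return {key: value} for every user_pref(...) line in a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comment, blank line, or anything that is not a pref
        key, raw = match.group(1), match.group(2).strip()
        try:
            value = json.loads(raw)  # strings, booleans and integers
        except ValueError:
            value = raw  # keep the raw text if it is not JSON-compatible
        prefs[key] = value
    return prefs


def _host_allowed(host, allowed_hosts):
    """True if host equals an allowed host or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def find_hijacked_prefs(prefs, allowed_engines, allowed_hosts):
    """Return (key, reason) pairs for preferences that need a second look."""
    findings = []
    for key, value in sorted(prefs.items()):
        if key.startswith(TOOLBAR_PREFIXES):
            findings.append((key, "leftover toolbar preference"))
        elif key in NAME_PREFS and str(value) not in allowed_engines:
            findings.append((key, f"unexpected search engine {value!r}"))
        elif key in URL_PREFS:
            # The homepage pref may hold several URLs separated by "|".
            for url in str(value).split("|"):
                parts = urlsplit(url.strip())
                if parts.scheme not in ("http", "https"):
                    continue  # about:, chrome: and similar internal pages
                if not _host_allowed(parts.hostname or "", allowed_hosts):
                    findings.append((key, f"unexpected host {parts.hostname!r}"))
    return findings


if __name__ == "__main__":
    # Assumed allowlist for a profile that should use Google only.
    for key, reason in find_hijacked_prefs(
        parse_user_prefs(SAMPLE_PREFS_JS), {"Google"}, {"google.com"}
    ):
        print(f"{key}: {reason}")
```

Run against a copy of the profile's prefs.js while Firefox is closed; the script only reads the file and changes nothing.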
     
  6. Tracy100

    Hello again :D

    Sorry for the delay!

    Ok, I tried doing the VirusTotal scans, but when I clicked browse and searched for the c:/ files I only came up with the same OTL.txt document for all of them. I did the scan on that and these are the results:

    SHA256: 3437f91bd15837514cd485546e94af2f1fa73a392594081e1478e3eefc51718b
    SHA1: a4ae5d7d9124d0d340684261e66f078540e9b586
    MD5: c8070ede2f4f1cfc556d769d9d5dacfc
    File size: 178.6 KB ( 182924 bytes )
    File name: OTL.Txt
    File type: MP3
    Tags: mp3
    Detection ratio: 0 / 44
    Analysis date: 2013-02-27 20:24:22 UTC ( 26 minutes ago )

    Next I did the OTL.exe and this is the result:


    All processes killed
    ========== OTL ==========
    Prefs.js: "EasyLife" removed from browser.search.defaultenginename
    Prefs.js: S", "EasyLife" removed from browser.search.defaultenginename,S
    Prefs.js: S", "EasyLife" removed from browser.search.selectedEngine,S
    Prefs.js: "http://search.easylifeapp.com/?pid=686&abc=ff1&r=2013/02/17&hid=882856990&lg=EN&cc=IE&l=1&q=" removed from browser.search.defaulturl
    Prefs.js: "EasyLife" removed from browser.search.order.1
    Prefs.js: S", "EasyLife" removed from browser.search.order.1,S
    C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\6sh7mn0f.default\searchplugins\EasyLife.xml moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{438a8745-4379-11e2-979e-90a4de28483e}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438a8745-4379-11e2-979e-90a4de28483e}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{438a8745-4379-11e2-979e-90a4de28483e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438a8745-4379-11e2-979e-90a4de28483e}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1a7f41-4300-11e2-8b99-206a8a376313}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1a7f41-4300-11e2-8b99-206a8a376313}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1a7f41-4300-11e2-8b99-206a8a376313}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1a7f41-4300-11e2-8b99-206a8a376313}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1a7f52-4300-11e2-8b99-206a8a376313}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1a7f52-4300-11e2-8b99-206a8a376313}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad1a7f52-4300-11e2-8b99-206a8a376313}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad1a7f52-4300-11e2-8b99-206a8a376313}\ not found.
    File F:\AutoRun.exe not found.
    C:\Users\Tracy\AppData\Roaming\Yammer\Local Store\logs folder moved successfully.
    C:\Users\Tracy\AppData\Roaming\Yammer\Local Store\#SharedObjects\RemotePage.html folder moved successfully.
    C:\Users\Tracy\AppData\Roaming\Yammer\Local Store\#SharedObjects folder moved successfully.
    C:\Users\Tracy\AppData\Roaming\Yammer\Local Store\#ApplicationUpdater folder moved successfully.
    C:\Users\Tracy\AppData\Roaming\Yammer\Local Store folder moved successfully.
    C:\Users\Tracy\AppData\Roaming\Yammer folder moved successfully.
    C:\Program Files (x86)\EasyLife folder moved successfully.
    ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
    ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
    ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
    ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
    ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
    ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
    ADS C:\ProgramData\Temp:798A3728 deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users


    I haven't done a combo fix and therefore there is no log on my computer, I am not sure if you want me to do one or not?

    As for my computer... it seems an awful lot better! Earlier today I came across one of the pages I was browsing that had hyperlinks on random words, and when I hovered over them a little yellow tag appeared which said "powered by browsetobuy" or something very close to that wording. I haven't come across that since so hopefully that is a good sign.

    Thanks :)
    Tracy
     
  7. Tracy100

    Tracy100 Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    11
    I am actually looking through my list of programmes in my control panel - programmes - programmes and features and I have just found one listed as browse to save.

    I am not sure what this is, I am assuming it is an extension of the browsetobuy I've been seeing on the hyperlinked words on webpages.



    I hope this is of use to you

    Thanks

    Tracy
     
  8. TechieRanger

    TechieRanger

    Joined:
    Nov 1, 2012
    Messages:
    505
    No worries. Thanks for the update. :D

    In the logs you have provided, ComboFix seems to have been used on 2013/02/21 and encountered problems. :cool:

    ComboFix creates folders named 32788R22FWJFW on drive C: after failed attempts to run. :)

    If you have uninstalled ComboFix then hidden files are not visible anymore. We will unhide them in the next step. ;) (y)

    Next

    Unhide hidden files

    • Open the Control Panel, click Appearance and Personalization, and then click Folder Options.
    • Click the View tab.
    • Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.

    Next

    Please go to VirusTotal.

    • Click Choose File and browse to the file listed below in bold and click Scan it!.

      C:\B2269A398CA7
    • There might be a short wait.
    • Select Reanalyse file and post back with the results of the scan.
    • Do the same for:

      C:\BBE5D4D1340F
      C:\4BA50CC0126D
      C:\37DE66D910DB

    Next

    Please remove the following items:

    • Click on Start > Control Panel.
    • Click on Programs and Features.
    • Select the following from the list:


      Java 7 Update 9
      Java(tm) 6 Update 31
      BrowseToSave 1.74
    • Click the Uninstall button.

    In your next reply, please provide the following:

    • VirusTotal results.
    • Description of how your PC is running.




    Regards,

    Richard :D
     
  9. TechieRanger

    TechieRanger

    Joined:
    Nov 1, 2012
    Messages:
    505
    It has been two days or more since my last post. Do you still need help or more time? :)

    Regards,

    Richard :cool:
     
  10. Tracy100

    Tracy100 Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    11
    Hi Richard, Thanks for your reply.

    Here are the results of the scans and I removed those items.

    C:\B2269A398CA7

    SHA256: f2e9bd44950f7da76a469f365191df320a3d801a0c0eecafa5549c21db8ca4db
    SHA1: 4a36cf626401bb43d2a0525212649a379a24403a
    MD5: 939dfe12c1cd0771d5536dbddf0d7e3b
    File size: 112 bytes
    File name: B2269A398CA7
    File type: unknown
    Detection ratio: 0 / 46
    Analysis date: 2013-03-05 12:25:18 UTC

    C:\BBE5D4D1340F

    SHA256: 3eebb34eed94e73cd99b6a65ea639ce4bd73933cba8995f01d75223a4f0f6a66
    SHA1: 80494275366a6e33952349661cb92afc35283a9e
    MD5: 3da73bfdb5215dad4fbf716b039fe384
    File size: 112 bytes
    File name: BBE5D4D1340F
    File type: unknown
    Detection ratio: 0 / 46
    Analysis date: 2013-03-05 12:24:04 UTC

    C:\4BA50CC0126D
    SHA256: 3f603c10bf3ca9fc1d95e20e9f71e0d1ed663a40d22582214f80194233b257bb
    SHA1: 41c0689df5540496f4d053b278b71f14f8f56402
    MD5: c800a893be84d76a93d8a708806ec5b6
    File size: 112 bytes
    File name: 4BA50CC0126D
    File type: unknown
    Detection ratio: 0 / 46
    Analysis date: 2013-03-05 12:21:31 UTC

    C:\37DE66D910DB

    SHA256: 9259d67c206076a5ccfb9be657c58c04e31f9aa82a178db4bc871d4367109a15
    SHA1: c145953ae2e393e0e738b712b5f709fc1f18ceb2
    MD5: 41b5135c0be2b53d600ebe6171bb3a9c
    File size: 40 bytes
    File name: 37DE66D910DB
    File type: Text
    Detection ratio: 0 / 46
    Analysis date: 2013-03-05 12:22:37 UTC

    My computer is running nicely now, I could notice it was faster and more fluent after your help the last time.

    Thank you :)
     
  11. TechieRanger

    TechieRanger

    Joined:
    Nov 1, 2012
    Messages:
    505
    Thanks for the results. ^_^

    COMBOFIX
    ---------------
    Please download ComboFix from one of the following locations:

    • Location #1
    • Location #2
      ***IMPORTANT!!! Save ComboFix.exe to your Desktop.
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
    • Double click on ComboFix.exe and follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Windows Vista/Windows 7, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a Congratulations!!! message.

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.

    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.

    In your next reply, please provide the following:

    • ComboFix log.
    • Update on how your PC is running.




    Regards,

    Richard :D
     
  12. TechieRanger

    TechieRanger

    Joined:
    Nov 1, 2012
    Messages:
    505
    It has been two days or more since my last post. Do you still need help or more time? :)

    Regards,

    Richard :cool:
     
  13. Tracy100

    Tracy100 Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    11
    Hi Richard...very very sorry for the delay, I have been away and busy at work so I wasn't able to reply until now. I am going to do the combo fix now and I will post the results.

    Sorry again and thanks
     
  14. Tracy100

    Tracy100 Thread Starter

    Joined:
    Feb 21, 2013
    Messages:
    11
    Hi Richard...
    Unfortunately I didn't get to run the combo fix last night. I use the internet for work so I can't run it during the day time but I will try and do it asap and get back to you.
    Thanks and sorry for the delay
     
  15. TechieRanger

    TechieRanger

    Joined:
    Nov 1, 2012
    Messages:
    505
    Ok :cool: Thank you for the update. :) (y)

    Regards,

    Richard :D
     
Short URL to this thread: https://techguy.org/1090457
