
Google search engine virus?

Discussion in 'Virus & Other Malware Removal' started by sweetcheekies, Feb 13, 2013.

  1. sweetcheekies

    I have tried using all the methods I can find on the search engines and tried what I could... the rootkit virus removals, malware antibytes; I am running ESET NOD32.

    I did a hijack log and the others the sticky note suggests I post, so you could see it and maybe see if there is something you can help me with.

    Thanks in advance

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:43:57 PM, on 2/13/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\proXPN\bin\proxpn.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\MamaD\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Adobe PDF Link Helper - {491C440D-305E-0124-0099-0F3E390C7E87} - C:\Windows\SysWOW64\cfgbbkend.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.dell.com
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9575 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by MamaD at 12:47:18 on 2013-02-13
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6038.4111 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\proXPN\bin\proxpn.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\MamaD\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.facebook.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {491C440D-305E-0124-0099-0F3E390C7E87} - C:\Windows\SysWOW64\cfgbbkend.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    mRun: [Driver Genius] <no file>
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: dell.com
    TCP: NameServer = 192.168.4.1
    TCP: Interfaces\{0CD3B9C8-E5A9-4CF2-B6E8-CAB35F3A1E24} : DHCPNameServer = 192.168.4.1
    TCP: Interfaces\{D340790D-24ED-4181-83EA-D40ED799F43B} : DHCPNameServer = 8.8.8.8 4.2.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: WgaLogon - <no file>
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-10-30 651832]
    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-10-30 28216]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-12-21 213416]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-12-12 98208]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-18 1095616]
    R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-18 1333184]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-18 1124288]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-12-21 1333424]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-12-21 139768]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-12 14904]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-1-8 201360]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-12 365376]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-5-21 111104]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-6-9 849408]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-9-21 248624]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-9-21 76592]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-7-9 60928]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-12 317440]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-8 766096]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-14 19456]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-12-12 250984]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-14 57856]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-14 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-12 08:21:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AF48C27-196D-42FF-A9D0-F8E1AD1D678F}\offreg.dll
    2013-02-10 03:46:40 -------- d-----w- C:\Users\MamaD\AppData\Roaming\Melesta
    2013-02-10 00:11:28 -------- d-----w- C:\Program Files (x86)\Green City
    2013-02-07 21:57:48 -------- d-----w- C:\Users\MamaD\AppData\Roaming\Building the Great Wall of China
    2013-02-07 20:05:02 -------- d-----w- C:\Windows\Building the Great Wall of China
    2013-02-07 20:05:02 -------- d-----w- C:\Program Files (x86)\Building the Great Wall of China
    2013-02-07 18:57:18 -------- d-----w- C:\Users\MamaD\AppData\Local\ESET
    2013-02-07 18:30:21 -------- d-----w- C:\Program Files\ESET
    2013-02-03 19:47:22 -------- d-----w- C:\Users\MamaD\AppData\Roaming\LegacyGames
    2013-02-03 19:46:01 -------- d-----w- C:\Program Files (x86)\Legends of Atlantis - Exodus Updated
    2013-01-26 03:57:59 -------- d-----w- C:\Users\MamaD\AppData\Roaming\AlawarEntertainment
    2013-01-26 03:56:11 -------- d-----w- C:\Windows\Meridian Age of Invention
    2013-01-24 21:27:04 -------- d-----w- C:\Users\MamaD\AppData\Roaming\DivoGames
    2013-01-24 21:24:03 -------- d-----w- C:\Windows\Be Richest
    2013-01-24 21:05:55 -------- d-----w- C:\Users\MamaD\AppData\Local\PutLockerDownloader
    2013-01-24 21:05:52 -------- d-----w- C:\ProgramData\Tarma Installer
    2013-01-24 21:05:47 -------- d-----w- C:\Program Files (x86)\PutLockerDownloader
    2013-01-24 21:00:37 -------- d-----w- C:\Windows\SysWow64\1018
    2013-01-24 00:22:41 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AF48C27-196D-42FF-A9D0-F8E1AD1D678F}\mpengine.dll
    2013-01-17 01:34:38 -------- d-----w- C:\Users\MamaD\AppData\Roaming\Anuman
    2013-01-17 01:33:29 -------- d-----w- C:\Windows\Monument Builders 3- Statue of Liberty
    2013-01-17 01:32:46 -------- d-----w- C:\Windows\SysWow64\1017
    .
    ==================== Find3M ====================
    .
    2013-01-29 18:52:31 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2013-01-24 18:51:39 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-24 18:51:39 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-14 00:08:52 419840 ----a-w- C:\Windows\System32\systemcpl.dll
    2013-01-14 00:08:52 14848 ----a-w- C:\Windows\System32\slwga.dll
    2013-01-14 00:08:52 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
    2013-01-14 00:08:51 833024 ----a-w- C:\Windows\SysWow64\user32.dll
    2013-01-14 00:08:51 1008640 ----a-w- C:\Windows\System32\user32.dll
    2012-12-21 18:09:28 139768 ----a-w- C:\Windows\System32\drivers\epfwwfpr.sys
    2012-12-21 18:08:54 150616 ----a-w- C:\Windows\System32\drivers\ehdrv.sys
    2012-12-21 18:08:18 213416 ----a-w- C:\Windows\System32\drivers\eamonm.sys
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-14 21:17:50 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-12-14 21:17:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-12-12 21:29:13 468480 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-12-06 17:11:40 11518976 ----a-w- C:\Windows\System32\drivers\Netwsw00.sys
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    .
    ============= FINISH: 12:48:45.68 ===============

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-13 13:22:19
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006c ATA_____ rev.0002 931.51GB
    Running: 9isw9dvs.exe; Driver: C:\Users\MamaD\AppData\Local\Temp\pgloypow.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000752387b1 4 bytes [C2, 04, 00, 00]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1732] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007762f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007762f99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007762fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007762fa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007762fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007762fb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007762fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007762fbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007762fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007762fc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007762fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007762fc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007762fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007762fc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007762fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007762fc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007762fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007762fcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007762fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007762fd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007762fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007762fd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007762fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007762fdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007762fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007762fe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007762ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007762ff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077630099 8 bytes {MOV EDX, 0x90028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000776300a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077630781 8 bytes {MOV EDX, 0x90268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007763078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077630ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077631007 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007763105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077631067 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776310a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000776310af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007763111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077631127 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077631321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 000000007763132b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007523103d 5 bytes JMP 0000000100010030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075231072 5 bytes JMP 0000000100010070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000074d6119f 5 bytes JMP 0000000100020030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000074d611cf 5 bytes JMP 0000000100020070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075114de0 5 bytes JMP 00000001000b03b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000075114f70 5 bytes JMP 00000001000b05f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000751151a2 5 bytes JMP 00000001000b08f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SetTextColor 000000007511522d 5 bytes JMP 00000001000b0a30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000075115689 5 bytes JMP 00000001000b01b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000751158b3 5 bytes JMP 00000001000b0170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000075116bad 5 bytes JMP 00000001000b0370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000075116e05 5 bytes JMP 00000001000b0570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000075116ead 5 bytes JMP 00000001000b0530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000075117180 5 bytes JMP 00000001000b06b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000075117435 5 bytes JMP 00000001000b0770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075117bcc 5 bytes JMP 00000001000b00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000075117dc4 5 bytes JMP 00000001000b03f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000075117fd5 5 bytes JMP 00000001000b0d70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000751182b2 5 bytes JMP 00000001000b0e30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000075118401 5 bytes JMP 00000001000b09f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 000000007511879f 5 bytes JMP 00000001000b02f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000075118916 5 bytes JMP 00000001000b05b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000075118b7a 5 bytes JMP 00000001000b0970
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000075118ee6 5 bytes JMP 00000001000b0470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000075119875 5 bytes JMP 00000001000b0c70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000075119936 5 bytes JMP 00000001000b0d30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!Rectangle 000000007511a53a 5 bytes JMP 00000001000b09b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetClipBox 000000007511af9f 5 bytes JMP 00000001000b0330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!LineTo 000000007511b9e5 5 bytes JMP 00000001000b0430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SetICMMode 000000007511bd55 5 bytes JMP 00000001000b0db0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!CreateICW 000000007511c040 5 bytes JMP 00000001000b0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 000000007511c107 5 bytes JMP 00000001000b0670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 000000007511c269 5 bytes JMP 00000001000b06f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 000000007511d1f1 5 bytes JMP 00000001000b0df0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 000000007511d349 5 bytes JMP 00000001000b0630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007511dce4 5 bytes JMP 00000001000b0930
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007511e743 5 bytes JMP 00000001000b00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000751203b7 5 bytes JMP 00000001000b02b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!Escape 0000000075121bda 5 bytes JMP 00000001000b0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000075121e89 5 bytes JMP 00000001000b0cf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000075124843 5 bytes JMP 00000001000b0b30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000075125690 5 bytes JMP 00000001000b0b70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!EndPage 0000000075126bde 5 bytes JMP 00000001000b0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!ResetDCW 000000007512e2db 5 bytes JMP 00000001000b0ab0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 000000007513940d 5 bytes JMP 00000001000b0cb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 000000007513c621 5 bytes JMP 00000001000b0bb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007513d2b2 5 bytes JMP 00000001000b0bf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 000000007513d919 5 bytes JMP 00000001000b0c30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000075143adc 5 bytes JMP 00000001000b0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000075143f29 5 bytes JMP 00000001000b01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!StartPage 000000007514401a 5 bytes JMP 00000001000b0730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000075144c51 5 bytes JMP 00000001000b07f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000751453fd 5 bytes JMP 00000001000b0830
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000075145454 5 bytes JMP 00000001000b0af0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000751454af 5 bytes JMP 00000001000b0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!EndPath 0000000075145506 5 bytes JMP 00000001000b0a70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007514573f 5 bytes JMP 00000001000b07b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!FillPath 00000000751457d2 5 bytes JMP 00000001000b0870
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000075145c44 5 bytes JMP 00000001000b04f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000075145cd5 5 bytes JMP 00000001000b04b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000075145d87 5 bytes JMP 00000001000b08b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!MapWindowPoints 000000007563819d 5 bytes JMP 00000001000c0570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 000000007563c55d 5 bytes JMP 00000001000c02b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000756405ff 5 bytes JMP 00000001000c02f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000756408e5 7 bytes JMP 00000001000c05b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetParent 0000000075640b0e 7 bytes JMP 00000001000c06f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000075640cd5 7 bytes JMP 00000001000c06b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075640f14 5 bytes JMP 00000001000c05f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000756427db 7 bytes JMP 00000001000c0630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007564361b 7 bytes JMP 00000001000c0670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075644076 5 bytes JMP 00000001000c0530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000075647a54 7 bytes JMP 00000001000c0730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000756487c9 5 bytes JMP 00000001000c00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000756487e9 5 bytes JMP 00000001000c0330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000756491f4 5 bytes JMP 00000001000c00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000075649232 5 bytes JMP 00000001000c0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000075649485 5 bytes JMP 00000001000c04f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007564b779 5 bytes JMP 00000001000c01b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007564b798 5 bytes JMP 00000001000c03f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007564b7b6 5 bytes JMP 00000001000c01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007564b7e6 5 bytes JMP 00000001000c04b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007564cee9 5 bytes JMP 00000001000c0370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000075650880 5 bytes JMP 00000001000c0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007565ec67 5 bytes JMP 00000001000c0430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 000000007565f66f 5 bytes JMP 00000001000c0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075678de7 5 bytes JMP 00000001000c0170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075679c8d 5 bytes JMP 00000001000c0770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075679f3b 5 bytes JMP 00000001000c0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075697e49 5 bytes JMP 00000001000c0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000756982a1 5 bytes JMP 00000001000c0470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000756984bf 5 bytes JMP 00000001000c03b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074d09606 5 bytes JMP 00000001000d00f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074d10581 5 bytes JMP 00000001000d0130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074d10bb9 5 bytes JMP 00000001000d0270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074d10c2e 5 bytes JMP 00000001000d01b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074d10f2e 5 bytes JMP 00000001000d0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074d11096 5 bytes JMP 00000001000d00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074d1124e 5 bytes JMP 00000001000d01f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074d1129d 5 bytes JMP 00000001000d0230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074d11527 5 bytes JMP 00000001000d0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074d11590 5 bytes JMP 00000001000d0170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075430045 5 bytes JMP 00000001000e0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000754336b2 5 bytes JMP 00000001000e0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\ole32.dll!OleGetClipboard 000000007545fdcd 5 bytes JMP 00000001000e00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075643f54 5 bytes JMP 00000001727e9eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075652a3e 5 bytes JMP 0000000172938fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075652a62 5 bytes JMP 0000000172741893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007567cc1a 5 bytes JMP 0000000172938f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007567cf72 5 bytes JMP 000000017293901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007568fd61 5 bytes JMP 0000000172938ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007568fe2d 5 bytes JMP 0000000172938e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007568fe66 5 bytes JMP 0000000172938dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007568fe8a 5 bytes JMP 0000000172938d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076a693ec 5 bytes JMP 00000001729391d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007257388e 5 bytes JMP 0000000072939080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072617922 5 bytes JMP 0000000072939128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[352] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076ce2694 5 bytes JMP 00000001729393c8
    ? C:\Windows\system32\mssprxy.dll [352] entry point in ".rdata" section 00000000649271e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000776425fd 6 bytes JMP 0000000172808042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077652a63 6 bytes JMP 00000001727a9805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000752334b5 5 bytes JMP 00000001727a75db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075638b9a 5 bytes JMP 00000001728103cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007563a5e6 5 bytes JMP 00000001727b363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075643f54 5 bytes JMP 00000001727e9eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000756506b3 5 bytes JMP 00000001727e25ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075652a3e 5 bytes JMP 0000000172938fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075652a62 5 bytes JMP 0000000172741893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!CallNextHookEx 000000007565f006 5 bytes JMP 0000000172807fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075660efc 5 bytes JMP 000000017282ed00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007567cc1a 5 bytes JMP 0000000172938f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007567cf72 5 bytes JMP 000000017293901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007568fd61 5 bytes JMP 0000000172938ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007568fe2d 5 bytes JMP 0000000172938e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007568fe66 5 bytes JMP 0000000172938dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007568fe8a 5 bytes JMP 0000000172938d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000753d6143 5 bytes JMP 0000000172939784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076a03e59 5 bytes JMP 000000017293987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076a03eae 5 bytes JMP 00000001729398fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076a04731 5 bytes JMP 00000001729397ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076a05dee 5 bytes JMP 000000017293989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076a693ec 5 bytes JMP 00000001729391d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007257388e 5 bytes JMP 0000000072939080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072617922 5 bytes JMP 0000000072939128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3860] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076ce2694 5 bytes JMP 00000001729393c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000776425fd 6 bytes JMP 0000000172808042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077652a63 6 bytes JMP 00000001727a9805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000752334b5 5 bytes JMP 00000001727a75db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075638b9a 5 bytes JMP 00000001728103cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007563a5e6 5 bytes JMP 00000001727b363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075643f54 5 bytes JMP 00000001727e9eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000756506b3 5 bytes JMP 00000001727e25ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075652a3e 5 bytes JMP 0000000172938fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075652a62 5 bytes JMP 0000000172741893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!CallNextHookEx 000000007565f006 5 bytes JMP 0000000172807fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075660efc 5 bytes JMP 000000017282ed00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007567cc1a 5 bytes JMP 0000000172938f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007567cf72 5 bytes JMP 000000017293901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007568fd61 5 bytes JMP 0000000172938ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007568fe2d 5 bytes JMP 0000000172938e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007568fe66 5 bytes JMP 0000000172938dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007568fe8a 5 bytes JMP 0000000172938d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000753d6143 5 bytes JMP 0000000172939784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076a03e59 5 bytes JMP 000000017293987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076a03eae 5 bytes JMP 00000001729398fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076a04731 5 bytes JMP 00000001729397ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076a05dee 5 bytes JMP 000000017293989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076a693ec 5 bytes JMP 00000001729391d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007257388e 5 bytes JMP 0000000072939080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000072617922 5 bytes JMP 0000000072939128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5776] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076ce2694 5 bytes JMP 00000001729393c8

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1164] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef97e2750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1164] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef97e2b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1164] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef97e7de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1164] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef97e8130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1164] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef97e1908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3664:3640] 000007fefba92a7c
    Thread C:\Windows\System32\svchost.exe [4176:4992] 000007fef2be9688

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb424c551c
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb424c551c (not active ControlSet)
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\[email protected]:\temp\aulauncher.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\[email protected]:\Users\MamaD\Downloads\Monument Builders 3 \x2013 Statue of Liberty\Monument Builders 3 \x2013 Statue of Liberty.exe 1

    ---- EOF - GMER 2.0 ----
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have not posted the Attach.txt log from DDS. Please do so; it should be on your desktop.

    I am guessing that you are getting redirects using Google; you didn't actually explain what was happening. Please confirm if the problem is happening on any other browser and if you have any other performance issues.

    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save it directly to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

    [​IMG]
     
  3. sweetcheekies

    sweetcheekies Thread Starter

    Joined:
    Aug 23, 2001
    Messages:
    1,218
    Sorry, here is the Attach.txt from DDS and the other two reports.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/12/2012 6:50:45 PM
    System Uptime: 2/13/2013 11:45:47 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0YH79Y
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU | 775/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 880.169 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP42: 1/23/2013 7:22:01 PM - Windows Update
    RP43: 1/31/2013 5:57:05 PM - Scheduled Checkpoint
    RP44: 2/10/2013 11:14:07 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Building the Great Wall of China
    CleanMyPC - Registry Cleaner
    D3DX10
    Dell Support Center
    Dell System Detect
    Dell Touchpad
    Digital Line Detect
    Driver Genius
    EasyBCD 2.2
    eReg
    ESET NOD32 Antivirus
    Fresco Logic USB3.0 Host Controller
    Green City
    IncrediMail
    IncrediMail 2.0
    IncrediMail JunkFilter Plus
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor 2.0
    Intel® Trusted Connect Service Client
    Java(TM) 6 Update 21 (64-bit)
    JunkFilterPlus
    Legends of Atlantis - Exodus Updated
    Logitech SetPoint 6.51
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Modem Diagnostic Tool
    Movie Maker
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    Photo Common
    Photo Gallery
    proXPN 2.5.2
    Quickset64
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Skype Click to Call
    Skype™ 6.0
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 15.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/7/2013 1:30:59 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/6/2013 12:59:21 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    .
    ==== End Of File ===========================

    RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : MamaD [Admin rights]
    Mode : Scan -- Date : 02/14/2013 16:48:47
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
    [TASK][ROGUE ST] 4629 : wscript.exe C:\Users\MamaD\AppData\Local\Temp\launchie.vbs //B -> FOUND
    [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\MamaD\AppData\Local\gameflakeSA\bin\1.0.10.0\GameFlakeSA.exe" [x] -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ATA ST1000LM024 HN-M SCSI Disk Device +++++
    --- User ---
    [MBR] 4755528d43c9be517091d63e5cef2a76
    [BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02142013_02d1648.txt >>



    # AdwCleaner v2.112 - Logfile created 02/14/2013 at 16:37:55
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : MamaD - MAMAD-PC
    # Boot Mode : Normal
    # Running from : C:\Users\MamaD\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\Babylon.lnk
    File Deleted : C:\Windows\Tasks\AmiUpdXp.job
    Folder Deleted : C:\Program Files (x86)\Babylon
    Folder Deleted : C:\Program Files (x86)\BabylonToolbar
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\Program Files\Babylon
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\MamaD\AppData\Local\Babylon
    Folder Deleted : C:\Users\MamaD\AppData\Local\Conduit
    Folder Deleted : C:\Users\MamaD\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\MamaD\AppData\Local\Temp\Babylon
    Folder Deleted : C:\Users\MamaD\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\MamaD\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\MamaD\AppData\Roaming\Mozilla\Firefox\Profiles\oq6mr9xh.default\extensions\[email protected]
    Folder Deleted : C:\Users\MamaD\AppData\Roaming\Mozilla\Firefox\Profiles\oq6mr9xh.default\extensions\[email protected]

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\MamaD\AppData\Roaming\Mozilla\Firefox\Profiles\oq6mr9xh.default\prefs.js

    C:\Users\MamaD\AppData\Roaming\Mozilla\Firefox\Profiles\oq6mr9xh.default\user.js ... Deleted !

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\MamaD\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2630 octets] - [13/02/2013 12:39:21]
    AdwCleaner[S1].txt - [384 octets] - [13/02/2013 12:40:22]
    AdwCleaner[S2].txt - [12553 octets] - [14/02/2013 16:37:55]

    ########## EOF - C:\AdwCleaner[S2].txt - [12614 octets] ##########

    ty for help
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You didn't answer this:
    Please reply to this and tell me if anything has improved since running ADWCleaner.



    Please run RogueKiller again. After the pre-scan completes, hit the Scan button; when that completes, hit the Delete button, then hit the Report button and post the log.
     
Short URL to this thread: https://techguy.org/1089344
