HeurEngine.ZeroDayThreat, Computer slower than normal, videos/music freezing


2talll

Thread Starter
Joined
Apr 30, 2004
Messages
461
I’m having lots of problems with my computer acting up lately, Windows not responding and restarting, Firefox not responding, videos and music freezing, fans randomly speeding up and getting really loud (my coworker asks when my laptop is going to take off, my fans get so loud), etc., and the other day PC Doctor said it found the HeurEngine.ZeroDayThreat and blocked it, but didn’t say anything about it being removed.
Even after it blocked it, my computer is still acting weird… Word has frozen SIX times while typing this so far!
I have three HiJackThis logs because the first one ended with a warning that “for some reason your system denied write access to the host files…” and restarted and scanned again. Then while running the DDS program my computer randomly shut down and restarted, so I rescanned with HJT just in case it would show something…
HJT #1:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:38 PM, on 1/16/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files (x86)\gPhotoShow\ControlSS.exe
C:\Program Files (x86)\Jumi\jumi.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\2talll\Downloads\HijackThis.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/ble...FD9DEC75EF61A6204FE4FBE8FF&tbp=homepage&v=2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ControlSSaver] C:\Program Files (x86)\gPhotoShow\ControlSS.exe
O4 - HKCU\..\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'Default user')
O4 - Startup: Dropbox.lnk = 2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 21393 bytes
 

2talll

Forum wouldn't let me post all at once so I guess I'll post each log separately, sorry.

HJT #2:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:36 AM, on 1/16/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\gPhotoShow\ControlSS.exe
C:\Program Files (x86)\Jumi\jumi.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\PCPitstop\PC Matic\PCMatic.exe
C:\Users\2talll\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/ble...FD9DEC75EF61A6204FE4FBE8FF&tbp=homepage&v=2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ControlSSaver] C:\Program Files (x86)\gPhotoShow\ControlSS.exe
O4 - HKCU\..\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'Default user')
O4 - Startup: Dropbox.lnk = 2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 21422 bytes
 

2talll

HJT #3:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:38 PM, on 1/16/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files (x86)\gPhotoShow\ControlSS.exe
C:\Program Files (x86)\Jumi\jumi.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\2talll\Downloads\HijackThis.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/ble...FD9DEC75EF61A6204FE4FBE8FF&tbp=homepage&v=2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ControlSSaver] C:\Program Files (x86)\gPhotoShow\ControlSS.exe
O4 - HKCU\..\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'Default user')
O4 - Startup: Dropbox.lnk = 2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 21393 bytes
 

2talll

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17153 BrowserJavaVersion: 1.6.0_35
Run by 2talll at 12:56:00 on 2013-01-16
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.5942.3494 [GMT -5:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\gPhotoShow\ControlSS.exe
C:\Program Files (x86)\Jumi\jumi.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\sdclt.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=E3CEACFD9DEC75EF61A6204FE4FBE8FF&tbp=homepage&v=2_0
mStart Page = hxxp://www.google.com
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
dURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ControlSSaver] C:\Program Files (x86)\gPhotoShow\ControlSS.exe
uRun: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
StartupFolder: C:\Users\2talll\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\2talll\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\140535D27457563747 : DHCPNameServer = 10.12.1.29 10.12.1.19
TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\14E637F6E69616 : DHCPNameServer = 10.12.1.29 10.12.1.19
TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\234716C6C6C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\C696E6B6379737 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\E4544574541425D22343D274 : DHCPNameServer = 192.168.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
x64-Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\2talll\AppData\Roaming\Mozilla\Firefox\Profiles\w78q3sfb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=3&q={searchTerms}&CUI=UN93946749887457599
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-03-26 11:07; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-12-4 426616]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-12-4 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-12-4 1096176]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 30568]
R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2010-1-29 20056]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2011-12-4 251560]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\amppal.sys [2012-1-9 195584]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-1-15 96896]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-10-2 10342240]
R3 jumi;%Jumi%;C:\Windows\System32\drivers\jumi.sys [2010-6-3 15160]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2011-12-4 85224]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\amppal.sys [2012-1-9 195584]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-22 48488]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-9-25 7680512]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S4 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-12-4 341200]
S4 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-12-4 92928]
.
=============== Created Last 30 ================
.
2013-01-16 04:23:30 96896 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-01-16 04:20:45 -------- d-----w- C:\ProgramData\PCPitstopDat
2013-01-12 15:59:31 -------- d-----w- C:\Users\2talll\AppData\Local\Mixxx
2013-01-12 15:23:39 -------- d-----w- C:\Program Files (x86)\TuneUpMedia
2013-01-12 15:23:34 -------- d-----w- C:\Users\2talll\AppData\Roaming\OpenCandy
2013-01-12 15:23:12 -------- d-----w- C:\ProgramData\PACE
2013-01-12 15:23:09 -------- d-----w- C:\Program Files (x86)\Common Files\PACE
2013-01-12 15:16:57 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll
2013-01-12 15:15:17 -------- d-----w- C:\Program Files (x86)\Mixxx
2013-01-12 15:14:46 798720 ----a-w- C:\Windows\SysWow64\fmodex.dll
2013-01-12 15:14:43 368640 ----a-w- C:\Windows\SysWow64\QtXml_Torq_2.0.0.3_4.dll
2013-01-12 15:14:43 3166208 ----a-w- C:\Windows\SysWow64\QtXmlPatterns_Torq_2.0.0.3_4.dll
2013-01-12 15:14:40 614400 ----a-w- C:\Windows\SysWow64\QtSql_Torq_2.0.0.3_4.dll
2013-01-12 15:14:37 1339392 ----a-w- C:\Windows\SysWow64\QtScript_Torq_2.0.0.3_4.dll
2013-01-12 15:14:35 720896 ----a-w- C:\Windows\SysWow64\QtOpenGL_Torq_2.0.0.3_4.dll
2013-01-12 15:14:33 864256 ----a-w- C:\Windows\SysWow64\QtNetwork_Torq_2.0.0.3_4.dll
2013-01-12 15:14:32 8491008 ----a-w- C:\Windows\SysWow64\QtGui_Torq_2.0.0.3_4.dll
2013-01-12 15:14:30 2666496 ----a-w- C:\Windows\SysWow64\QtDeclarative_Torq_2.0.0.3_4.dll
2013-01-12 15:14:22 2363392 ----a-w- C:\Windows\SysWow64\QtCore_Torq_2.0.0.3_4.dll
2013-01-12 15:14:20 -------- d-----r- C:\Program Files (x86)\Avid
2013-01-11 22:47:12 -------- dc-h--w- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
2013-01-11 22:42:49 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2013-01-11 22:42:28 -------- dc-h--w- C:\ProgramData\{51B0C2F8-BB02-4FF9-83E6-6BBD135AD344}
2013-01-11 22:41:35 -------- dc-h--w- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2013-01-11 22:41:31 -------- d-----w- C:\ProgramData\Native Instruments
2013-01-11 22:41:31 -------- d-----w- C:\Program Files\Native Instruments
2013-01-11 22:41:31 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2013-01-11 22:05:49 -------- d-----w- C:\Users\2talll\AppData\Roaming\Soundflavor
2013-01-11 22:04:37 -------- d-----w- C:\Users\2talll\AppData\Local\SwvUpdater
2013-01-11 22:04:15 -------- d-----w- C:\Users\2talll\AppData\Roaming\TuneUpMedia
2013-01-11 22:04:00 -------- d-----w- C:\ProgramData\TuneUpMedia
2013-01-11 22:02:14 -------- d-----w- C:\Users\2talll\AppData\Roaming\PerformerSoft
2013-01-11 22:02:14 -------- d-----w- C:\ProgramData\IBUpdaterService
2013-01-11 22:02:07 -------- d-----w- C:\Program Files (x86)\PC Performer
2013-01-11 22:01:02 -------- d-----w- C:\Program Files (x86)\PCFixSpeed
2013-01-11 22:00:51 -------- d-----w- C:\Program Files (x86)\Soundflavor DJ
2013-01-11 01:43:35 -------- d-----w- C:\Users\2talll\AppData\Local\Threat Expert
2013-01-11 00:52:16 -------- d-----w- C:\Program Files\iPod
2013-01-11 00:52:15 -------- d-----w- C:\Program Files\iTunes
2013-01-11 00:52:15 -------- d-----w- C:\Program Files (x86)\iTunes
2013-01-09 19:17:14 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 19:17:14 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-12-22 08:00:37 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 08:00:37 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 08:00:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 08:00:37 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-22 02:43:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-01-09 05:25:33 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 05:25:33 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-19 20:53:34 19632 ----a-w- C:\Windows\System32\roboot64.exe
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:45:35 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:55:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 05:10:07 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 19:19:45 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-02 05:30:41 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-02 05:30:40 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:50:33 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-02 04:50:33 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-27 05:36:37 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-10-27 05:36:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-10-27 05:00:40 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-27 04:59:41 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-10-27 04:23:06 482816 ----a-w- C:\Windows\System32\html.iec
2012-10-27 03:52:14 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 16:15:51.30 ===============
 

2talll

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2010 8:39:09 AM
System Uptime: 1/16/2013 12:49:46 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 144B
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU | 2267/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 573 GiB total, 28.105 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 3.323 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.082 GiB free.
F: is CDROM ()
H: is FIXED (NTFS) - 233 GiB total, 50.682 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 1320 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: hp LaserJet 1320 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: HP LaserJet P2035n
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: HP LaserJet P2035n
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID:
Description: HP LaserJet P3005
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer:
Name: HP LaserJet P3005
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: PC Tools Data Store
Device ID: ROOT\LEGACY_PCTDS\0000
Manufacturer:
Name: PC Tools Data Store
PNP Device ID: ROOT\LEGACY_PCTDS\0000
Service: pctDS
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVG 2012
AVG Security Toolbar
Bejeweled 2 Deluxe
Bing Bar
BitTorrent
Blackhawk Striker 2
Blasterball 3
Bonjour
Browser Guard 4.0
BufferChm
Build-a-lot 2
C4700
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
Coupon Printer for Windows
CyberLink DVD Suite
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DeviceIO
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Dropbox
DVD Menu Pack for HP MediaSmart Video
Escape Rosecliff Island
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
FPDownloadManager
Free Studio version 5.1.4
Google Chrome
Google Drive
Google Update Helper
GPBaseService2
gPhotoShow Pro v4.8.2
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP Imaging Device Functions 14.0
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Movies and TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Quick Launch
HP QuickWeb Installer
HP Setup
HP SimplePass Identity Protection
HP Smart Web Printing 4.60
HP Software Framework
HP Solution Center 14.0
HP Tone Control
HP Update
HP User Guides 0177
HP Wireless Assistant
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
ICA
iCloud
iCopyBot for Windows 7.2.5
IDT Audio
InstallIQ Updater
Intel AppUp(SM) center
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Intel® PROSet/Wireless WiFi Software
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
iTunes
Java Auto Updater
Java(TM) 6 Update 17 (64-bit)
Java(TM) 6 Update 35
JDownloader
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
License Support
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Mixman Spin Control
Mixxx
Mobile Mouse Server
MobileMe Control Panel
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MPlayer (remove only)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
MyTomTom 3.1.0.432
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor 2
Network64
Norton Online Backup
PC Matic 1.1.0.48
PC Pitstop Info Center 1.0.0.13
PC Tools Spyware Doctor with AntiVirus 9.0
PCDJ VJ
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PS_AIO_06_C4700_SW_Min
PSPPContent
PSPPRO_DCRAW
PureHD
PX Profile Update
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Rinse
Roxio CinemaNow 2.0
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Setup
Share
Share64
Shop for HP Supplies
Shutterfly Express Uploader
SmartWebPrinting
SolutionCenter
Soundflavor DJ 1.30
SpyHunter
Status
Synaptics Pointing Device Driver
TextTwist 2
TidySongs
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
Torq 2.0.2
TrayApp
TuneUp 2.4.6.4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Validity Sensors DDK
Veetle TV 0.9.18
VIO
Virtual Families
Virtual Villagers - The Secret City
VirtualDJ Home FREE
VirtualDJ Toolbar
VirtualDJ Toolbar Updater
Visual C++ 8.0 Runtime Setup Package (x64)
Visual C++ Redistributables
Visual Studio 2008 x64 Redistributables
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.5
VSClassic
vShare.tv plugin 1.3
VSPro
Wallpaper SlideShow Pro 2.6.0
WD SmartWare
WebReg
Wheel of Fortune 2
WinCalendarV3
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (05/11/2012 7.12.0.7708)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
Xirrus Wi-Fi Inspector
Xvid Video Codec
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
1/16/2013 12:58:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Office Software Protection Platform service to connect.
1/16/2013 12:58:54 PM, Error: Service Control Manager [7000] - The Office Software Protection Platform service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2013 12:57:14 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/16/2013 12:51:57 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/16/2013 12:50:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffffffdc3cbab8, 0x0000000000000002, 0x0000000000000000, 0xfffff880012a2fd7). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011613-54303-01.
1/16/2013 12:14:29 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/13/2013 9:36:17 PM, Error: PCTCore [280] -
1/12/2013 10:18:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
1/11/2013 7:38:54 PM, Error: NetBT [4321] - The name "2TALLL-PC :0" could not be registered on the interface with IP address 192.168.10.41. The computer with the IP address 192.168.10.46 did not allow the name to be claimed by this computer.
1/11/2013 7:36:29 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
1/11/2013 5:04:38 PM, Error: Service Control Manager [7034] - The vToolbarUpdater13.2.0 service terminated unexpectedly. It has done this 1 time(s).
1/10/2013 8:10:02 AM, Error: Service Control Manager [7034] - The Validity VCS Fingerprint Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 

2talll

Ark.log:
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-16 15:38:20
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596.17GB
Running: fl9vxukl.exe; Driver: C:\Users\2talll\AppData\Local\Temp\pwdirpod.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x24d000a]}
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [8A, 71]
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x7197001e]}
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x7184001e]}
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x7187001e]}
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
? C:\Windows\system32\mssprxy.dll [2832] entry point in ".rdata" section 000000006dec71e6
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1612] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076fe1ea8 5 bytes JMP 000000010026f3c0
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x35000a]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x13000a]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1b000a]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x29000a]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3c000a]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x17000a]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3e000a]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x23000a]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1c000a]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x4f000a]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3a000a]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
? C:\Windows\system32\mssprxy.dll [7196] entry point in ".rdata" section 000000006dec71e6
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}

---- Threads - GMER 2.0 ----

Thread C:\Windows\SysWOW64\ntdll.dll [3096:3100] 000000000042007b
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3104] 00000000004375e0
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3108] 000000000043a240
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3128] 000000000040ad70
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3132] 000000000040a860
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3140] 0000000000433910
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3976] 000000000040ac50
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3148] 00000000004cebe4
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3388] 0000000000443ca8
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3392] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3404] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3408] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3412] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3508] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3880] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3932] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3936] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3944] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3948] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3952] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3956] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1520] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1928] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1364] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1244] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3648] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1408] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1228] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1240] 000000007446eddc
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1372] 000000007446ea7c
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1160] 000000000b7a2199
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4192] 00000000747011e8
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4196] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4200] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4300] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4304] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4308] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4312] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4316] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4320] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4324] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4328] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4332] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4336] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4340] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4344] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4348] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4352] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4356] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4360] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4456] 000000000a7e92f0
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4468] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4476] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4856] 00000000740f32fb
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6312] 000000000a8d5e80
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6316] 000000000a8d5e80
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6320] 000000000a8d5e80
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6324] 000000000a8d5e80
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6328] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7600] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7604] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7608] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7612] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7640] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7644] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7648] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7652] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7660] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4076] 00000000005dc736
Thread C:\Windows\SysWOW64\ntdll.dll [4072:3308] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:3316] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:2796] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:2792] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:1456] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:492] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:1368] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4672] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4676] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4680] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4684] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4688] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4692] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4696] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4700] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4704] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4708] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4712] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4716] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:5108] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4484] 0000000000543368
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4580] 00000000004446b0
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4588] 000000000044c7f8
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4600] 000000000044c7f8
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4612] 000000000044c7f8
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4616] 000000000044c7f8

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3096] 0000000077750000
Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3144] 000000000af70000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6012] 000007fefbae0000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}\Connection@Name isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\{4145EB60-6B7E-407A-9941-9748B5167C5C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{D8520883-445B-44B7-A89E-AC852DB6471F}"?"{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}"?"{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}"?"{826A854E-5EDC-46AE-A5B6-308451BC0F48}"?"{4145EB60-6B7E-407A-9941-9748B5167C5C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\TCPIP6TUNNEL_{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\TCPIP6TUNNEL_{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\TCPIP6TUNNEL_{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\TCPIP6TUNNEL_{4145EB60-6B7E-407A-9941-9748B5167C5C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@InterfaceName isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@ReusableType 0

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----
 

2talll

Ark.log:
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-16 15:38:20
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596.17GB
Running: fl9vxukl.exe; Driver: C:\Users\2talll\AppData\Local\Temp\pwdirpod.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x24d000a]}
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [8A, 71]
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x7197001e]}
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x7184001e]}
.text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x7187001e]}
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
? C:\Windows\system32\mssprxy.dll [2832] entry point in ".rdata" section 000000006dec71e6
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1612] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076fe1ea8 5 bytes JMP 000000010026f3c0
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x35000a]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x13000a]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1b000a]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x29000a]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3c000a]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x17000a]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3e000a]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x23000a]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1c000a]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x4f000a]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3a000a]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
? C:\Windows\system32\mssprxy.dll [7196] entry point in ".rdata" section 000000006dec71e6
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}

---- Threads - GMER 2.0 ----

Thread C:\Windows\SysWOW64\ntdll.dll [3096:3100] 000000000042007b
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3104] 00000000004375e0
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3108] 000000000043a240
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3128] 000000000040ad70
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3132] 000000000040a860
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3140] 0000000000433910
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3976] 000000000040ac50
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3148] 00000000004cebe4
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3388] 0000000000443ca8
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3392] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3404] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3408] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3412] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3508] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3880] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3932] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3936] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3944] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3948] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3952] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3956] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1520] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1928] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1364] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1244] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3648] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1408] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1228] 000000000044bf60
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3096] 0000000077750000
Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3144] 000000000af70000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6012] 000007fefbae0000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}\[email protected] isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\{4145EB60-6B7E-407A-9941-9748B5167C5C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{D8520883-445B-44B7-A89E-AC852DB6471F}"?"{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}"?"{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}"?"{826A854E-5EDC-46AE-A5B6-308451BC0F48}"?"{4145EB60-6B7E-407A-9941-9748B5167C5C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\TCPIP6TUNNEL_{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\TCPIP6TUNNEL_{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\TCPIP6TUNNEL_{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\TCPIP6TUNNEL_{4145EB60-6B7E-407A-9941-9748B5167C5C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@InterfaceName isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@ReusableType 0

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----
 

2talll

Ark.log:
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-16 15:38:20
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596.17GB
Running: fl9vxukl.exe; Driver: C:\Users\2talll\AppData\Local\Temp\pwdirpod.sys


---- User code sections - GMER 2.0 ----

? C:\Windows\system32\mssprxy.dll [2832] entry point in ".rdata" section 000000006dec71e6
.text ... * 9
 

.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3c000a]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x17000a]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3e000a]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x23000a]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1c000a]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x4f000a]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3a000a]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
.text ... * 9
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
? C:\Windows\system32\mssprxy.dll [7196] entry point in ".rdata" section 000000006dec71e6
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
.text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
 

2talll

Thread Starter
Joined
Apr 30, 2004
Messages
461
---- Threads - GMER 2.0 ----

Thread C:\Windows\SysWOW64\ntdll.dll [3096:3100] 000000000042007b
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3104] 00000000004375e0
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3108] 000000000043a240
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3128] 000000000040ad70
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3132] 000000000040a860
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3140] 0000000000433910
Thread C:\Windows\SysWOW64\ntdll.dll [3096:3976] 000000000040ac50
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3148] 00000000004cebe4
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3388] 0000000000443ca8
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3392] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3404] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3408] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3412] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3508] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3880] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3932] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3936] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3944] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3948] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3952] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3956] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1520] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1928] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1364] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1244] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:3648] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1408] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1228] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1240] 000000007446eddc
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1372] 000000007446ea7c
Thread C:\Windows\SysWOW64\ntdll.dll [3144:1160] 000000000b7a2199
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4192] 00000000747011e8
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4196] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4200] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4300] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4304] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4308] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4312] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4316] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4320] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4324] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4328] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4332] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4336] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4340] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4344] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4348] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4352] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4356] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4360] 000000000bdc9b90
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4456] 000000000a7e92f0
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4468] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4476] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:4856] 00000000740f32fb
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6312] 000000000a8d5e80
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6316] 000000000a8d5e80
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6320] 000000000a8d5e80
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6324] 000000000a8d5e80
Thread C:\Windows\SysWOW64\ntdll.dll [3144:6328] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7600] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7604] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7608] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7612] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7640] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7644] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7648] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7652] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [3144:7660] 000000000044bf60
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4076] 00000000005dc736
Thread C:\Windows\SysWOW64\ntdll.dll [4072:3308] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:3316] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:2796] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:2792] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:1456] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:492] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:1368] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4672] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4676] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4680] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4684] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4688] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4692] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4696] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4700] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4704] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4708] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4712] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:4716] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4072:5108] 00000000003360c0
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4484] 0000000000543368
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4580] 00000000004446b0
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4588] 000000000044c7f8
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4600] 000000000044c7f8
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4612] 000000000044c7f8
Thread C:\Windows\SysWOW64\ntdll.dll [4480:4616] 000000000044c7f8
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3096] 0000000077750000
Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3144] 000000000af70000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6012] 000007fefbae0000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}\[email protected] isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\{4145EB60-6B7E-407A-9941-9748B5167C5C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{D8520883-445B-44B7-A89E-AC852DB6471F}"?"{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}"?"{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}"?"{826A854E-5EDC-46AE-A5B6-308451BC0F48}"?"{4145EB60-6B7E-407A-9941-9748B5167C5C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\TCPIP6TUNNEL_{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\TCPIP6TUNNEL_{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\TCPIP6TUNNEL_{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\TCPIP6TUNNEL_{4145EB60-6B7E-407A-9941-9748B5167C5C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@InterfaceName isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@ReusableType 0

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----
 