
HeurEngine.ZeroDayThreat, Computer slower than normal, videos/music freezing

Discussion in 'Virus & Other Malware Removal' started by 2talll, Jan 16, 2013.

  1. 2talll

    2talll Thread Starter

    I’m having lots of problems with my computer acting up lately: Windows not responding and restarting, Firefox not responding, videos and music freezing, fans randomly speeding up and getting really loud (my coworker asks when my laptop is going to take off, my fans get so loud), etc. The other day PC Doctor said it found the HeurEngine.ZeroDayThreat and blocked it, but didn’t say anything about it being removed.
    Even after it blocked it, my computer is still acting weird… Word has frozen SIX times while typing this so far!
    I have three HijackThis logs because the first one ended with a warning that “for some reason your system denied write access to the host files…” and restarted and scanned again. Then, while running the DDS program, my computer randomly shut down and restarted, so I rescanned with HJT just in case it would show something…
    HJT #1:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:53:38 PM, on 1/16/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17153)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
    C:\Program Files (x86)\gPhotoShow\ControlSS.exe
    C:\Program Files (x86)\Jumi\jumi.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\2talll\Downloads\HijackThis.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/ble...FD9DEC75EF61A6204FE4FBE8FF&tbp=homepage&v=2_0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
    O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    O4 - HKLM\..\Run: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
    O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ControlSSaver] C:\Program Files (x86)\gPhotoShow\ControlSS.exe
    O4 - HKCU\..\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'Default user')
    O4 - Startup: Dropbox.lnk = 2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 21393 bytes
     
  2. 2talll

    2talll Thread Starter

    Forum wouldn't let me post all at once so I guess I'll post each log separately, sorry.

    HJT #2:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:51:36 AM, on 1/16/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17153)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\gPhotoShow\ControlSS.exe
    C:\Program Files (x86)\Jumi\jumi.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
    C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\PCPitstop\PC Matic\PCMatic.exe
    C:\Users\2talll\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/ble...FD9DEC75EF61A6204FE4FBE8FF&tbp=homepage&v=2_0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
    O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    O4 - HKLM\..\Run: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
    O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ControlSSaver] C:\Program Files (x86)\gPhotoShow\ControlSS.exe
    O4 - HKCU\..\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'Default user')
    O4 - Startup: Dropbox.lnk = 2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 21422 bytes
     
  3. 2talll

    HJT #3:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:53:38 PM, on 1/16/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17153)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
    C:\Program Files (x86)\gPhotoShow\ControlSS.exe
    C:\Program Files (x86)\Jumi\jumi.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\2talll\Downloads\HijackThis.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/ble...FD9DEC75EF61A6204FE4FBE8FF&tbp=homepage&v=2_0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
    O4 - HKLM\..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    O4 - HKLM\..\Run: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
    O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ControlSSaver] C:\Program Files (x86)\gPhotoShow\ControlSS.exe
    O4 - HKCU\..\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c (User 'Default user')
    O4 - Startup: Dropbox.lnk = 2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 21393 bytes
     
  4. 2talll

    DDS.txt:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.17153 BrowserJavaVersion: 1.6.0_35
    Run by 2talll at 12:56:00 on 2013-01-16
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.5942.3494 [GMT -5:00]
    .
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\gPhotoShow\ControlSS.exe
    C:\Program Files (x86)\Jumi\jumi.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=E3CEACFD9DEC75EF61A6204FE4FBE8FF&tbp=homepage&v=2_0
    mStart Page = hxxp://www.google.com
    uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    dURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [ControlSSaver] C:\Program Files (x86)\gPhotoShow\ControlSS.exe
    uRun: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
    uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
    mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    dRun: [WinCalendarV3] "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
    StartupFolder: C:\Users\2talll\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\2talll\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - C:\Users\2talll\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\140535D27457563747 : DHCPNameServer = 10.12.1.29 10.12.1.19
    TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\14E637F6E69616 : DHCPNameServer = 10.12.1.29 10.12.1.19
    TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\234716C6C6C6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\C696E6B6379737 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{FDE5A11D-DCB2-4A84-87A5-AC6F649D206A}\E4544574541425D22343D274 : DHCPNameServer = 192.168.10.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    x64-Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\2talll\AppData\Roaming\Mozilla\Firefox\Profiles\w78q3sfb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=3&q={searchTerms}&CUI=UN93946749887457599
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2011-03-26 11:07; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: extensions.autoDisableScopes - 14
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-12-4 426616]
    R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-12-4 453896]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-12-4 1096176]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 30568]
    R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2010-1-29 20056]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2011-12-4 251560]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\amppal.sys [2012-1-9 195584]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-1-15 96896]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
    R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-10-2 10342240]
    R3 jumi;%Jumi%;C:\Windows\System32\drivers\jumi.sys [2010-6-3 15160]
    R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2011-12-4 85224]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\amppal.sys [2012-1-9 195584]
    S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-22 48488]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-9-25 7680512]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S4 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-12-4 341200]
    S4 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-12-4 92928]
    .
    =============== Created Last 30 ================
    .
    2013-01-16 04:23:30 96896 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
    2013-01-16 04:20:45 -------- d-----w- C:\ProgramData\PCPitstopDat
    2013-01-12 15:59:31 -------- d-----w- C:\Users\2talll\AppData\Local\Mixxx
    2013-01-12 15:23:39 -------- d-----w- C:\Program Files (x86)\TuneUpMedia
    2013-01-12 15:23:34 -------- d-----w- C:\Users\2talll\AppData\Roaming\OpenCandy
    2013-01-12 15:23:12 -------- d-----w- C:\ProgramData\PACE
    2013-01-12 15:23:09 -------- d-----w- C:\Program Files (x86)\Common Files\PACE
    2013-01-12 15:16:57 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll
    2013-01-12 15:15:17 -------- d-----w- C:\Program Files (x86)\Mixxx
    2013-01-12 15:14:46 798720 ----a-w- C:\Windows\SysWow64\fmodex.dll
    2013-01-12 15:14:43 368640 ----a-w- C:\Windows\SysWow64\QtXml_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:43 3166208 ----a-w- C:\Windows\SysWow64\QtXmlPatterns_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:40 614400 ----a-w- C:\Windows\SysWow64\QtSql_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:37 1339392 ----a-w- C:\Windows\SysWow64\QtScript_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:35 720896 ----a-w- C:\Windows\SysWow64\QtOpenGL_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:33 864256 ----a-w- C:\Windows\SysWow64\QtNetwork_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:32 8491008 ----a-w- C:\Windows\SysWow64\QtGui_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:30 2666496 ----a-w- C:\Windows\SysWow64\QtDeclarative_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:22 2363392 ----a-w- C:\Windows\SysWow64\QtCore_Torq_2.0.0.3_4.dll
    2013-01-12 15:14:20 -------- d-----r- C:\Program Files (x86)\Avid
    2013-01-11 22:47:12 -------- dc-h--w- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
    2013-01-11 22:42:49 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
    2013-01-11 22:42:28 -------- dc-h--w- C:\ProgramData\{51B0C2F8-BB02-4FF9-83E6-6BBD135AD344}
    2013-01-11 22:41:35 -------- dc-h--w- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
    2013-01-11 22:41:31 -------- d-----w- C:\ProgramData\Native Instruments
    2013-01-11 22:41:31 -------- d-----w- C:\Program Files\Native Instruments
    2013-01-11 22:41:31 -------- d-----w- C:\Program Files\Common Files\Native Instruments
    2013-01-11 22:05:49 -------- d-----w- C:\Users\2talll\AppData\Roaming\Soundflavor
    2013-01-11 22:04:37 -------- d-----w- C:\Users\2talll\AppData\Local\SwvUpdater
    2013-01-11 22:04:15 -------- d-----w- C:\Users\2talll\AppData\Roaming\TuneUpMedia
    2013-01-11 22:04:00 -------- d-----w- C:\ProgramData\TuneUpMedia
    2013-01-11 22:02:14 -------- d-----w- C:\Users\2talll\AppData\Roaming\PerformerSoft
    2013-01-11 22:02:14 -------- d-----w- C:\ProgramData\IBUpdaterService
    2013-01-11 22:02:07 -------- d-----w- C:\Program Files (x86)\PC Performer
    2013-01-11 22:01:02 -------- d-----w- C:\Program Files (x86)\PCFixSpeed
    2013-01-11 22:00:51 -------- d-----w- C:\Program Files (x86)\Soundflavor DJ
    2013-01-11 01:43:35 -------- d-----w- C:\Users\2talll\AppData\Local\Threat Expert
    2013-01-11 00:52:16 -------- d-----w- C:\Program Files\iPod
    2013-01-11 00:52:15 -------- d-----w- C:\Program Files\iTunes
    2013-01-11 00:52:15 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-01-09 19:17:14 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 19:17:14 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-12-22 08:00:37 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-22 08:00:37 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-22 08:00:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-22 08:00:37 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-22 02:43:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 05:25:33 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 05:25:33 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-19 20:53:34 19632 ----a-w- C:\Windows\System32\roboot64.exe
    2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:45:35 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:55:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 05:10:07 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-08 19:19:45 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-11-02 05:30:41 2001408 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-02 05:30:40 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 04:50:33 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-02 04:50:33 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-27 05:36:37 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-27 05:36:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2012-10-27 05:00:40 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-27 04:59:41 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-10-27 04:23:06 482816 ----a-w- C:\Windows\System32\html.iec
    2012-10-27 03:52:14 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 16:15:51.30 ===============
     
  5. 2talll

    Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/19/2010 8:39:09 AM
    System Uptime: 1/16/2013 12:49:46 PM (4 hours ago)
    .
    Motherboard: Hewlett-Packard | | 144B
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU | 2267/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 573 GiB total, 28.105 GiB free.
    D: is FIXED (NTFS) - 23 GiB total, 3.323 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.082 GiB free.
    F: is CDROM ()
    H: is FIXED (NTFS) - 233 GiB total, 50.682 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: hp LaserJet 1320 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 1320 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2035n
    Device ID: ROOT\MULTIFUNCTION\0005
    Manufacturer:
    Name: HP LaserJet P2035n
    PNP Device ID: ROOT\MULTIFUNCTION\0005
    Service:
    .
    Class GUID:
    Description: HP LaserJet P3005
    Device ID: ROOT\MULTIFUNCTION\0006
    Manufacturer:
    Name: HP LaserJet P3005
    PNP Device ID: ROOT\MULTIFUNCTION\0006
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: PC Tools Data Store
    Device ID: ROOT\LEGACY_PCTDS\0000
    Manufacturer:
    Name: PC Tools Data Store
    PNP Device ID: ROOT\LEGACY_PCTDS\0000
    Service: pctDS
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    64 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    Adobe Shockwave Player
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    AVG 2012
    AVG Security Toolbar
    Bejeweled 2 Deluxe
    Bing Bar
    BitTorrent
    Blackhawk Striker 2
    Blasterball 3
    Bonjour
    Browser Guard 4.0
    BufferChm
    Build-a-lot 2
    C4700
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CinemaNow Media Manager
    Compatibility Pack for the 2007 Office system
    Contents
    Corel PaintShop Photo Pro X3
    Corel VideoStudio Pro X3
    Coupon Printer for Windows
    CyberLink DVD Suite
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DeviceIO
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Dropbox
    DVD Menu Pack for HP MediaSmart Video
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Faerie Solitaire
    FATE
    FPDownloadManager
    Free Studio version 5.1.4
    Google Chrome
    Google Drive
    Google Update Helper
    GPBaseService2
    gPhotoShow Pro v4.8.2
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP 3D DriveGuard
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Participation Program 14.0
    HP DVB-T TV Tuner 8.0.64.43
    HP Game Console
    HP Games
    HP Imaging Device Functions 14.0
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Movies and TV
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Photo Creations
    HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    HP Quick Launch
    HP QuickWeb Installer
    HP Setup
    HP SimplePass Identity Protection
    HP Smart Web Printing 4.60
    HP Software Framework
    HP Solution Center 14.0
    HP Tone Control
    HP Update
    HP User Guides 0177
    HP Wireless Assistant
    HPDiagnosticAlert
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    Hulu Desktop
    ICA
    iCloud
    iCopyBot for Windows 7.2.5
    IDT Audio
    InstallIQ Updater
    Intel AppUp(SM) center
    Intel PROSet Wireless
    Intel(R) Management Engine Components
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    Intel® PROSet/Wireless WiFi Software
    IPM_PSP_Pro
    IPM_VS_Pro
    ISCOM
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 17 (64-bit)
    Java(TM) 6 Update 35
    JDownloader
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    License Support
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    MarketResearch
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Mixman Spin Control
    Mixxx
    Mobile Mouse Server
    MobileMe Control Panel
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    MPlayer (remove only)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The New York Fortune
    MyTomTom 3.1.0.432
    Native Instruments Controller Editor
    Native Instruments Service Center
    Native Instruments Traktor 2
    Network64
    Norton Online Backup
    PC Matic 1.1.0.48
    PC Pitstop Info Center 1.0.0.13
    PC Tools Spyware Doctor with AntiVirus 9.0
    PCDJ VJ
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PS_AIO_06_C4700_SW_Min
    PSPPContent
    PSPPRO_DCRAW
    PureHD
    PX Profile Update
    QuickTime
    QuickTransfer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Rinse
    Roxio CinemaNow 2.0
    Safari
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Setup
    Share
    Share64
    Shop for HP Supplies
    Shutterfly Express Uploader
    SmartWebPrinting
    SolutionCenter
    Soundflavor DJ 1.30
    SpyHunter
    Status
    Synaptics Pointing Device Driver
    TextTwist 2
    TidySongs
    TomTom HOME 2.8.2.2264
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    Torq 2.0.2
    TrayApp
    TuneUp 2.4.6.4
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Validity Sensors DDK
    Veetle TV 0.9.18
    VIO
    Virtual Families
    Virtual Villagers - The Secret City
    VirtualDJ Home FREE
    VirtualDJ Toolbar
    VirtualDJ Toolbar Updater
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual C++ Redistributables
    Visual Studio 2008 x64 Redistributables
    Visual Studio C++ 10.0 Runtime
    VLC media player 2.0.5
    VSClassic
    vShare.tv plugin 1.3
    VSPro
    Wallpaper SlideShow Pro 2.6.0
    WD SmartWare
    WebReg
    Wheel of Fortune 2
    WinCalendarV3
    Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (05/11/2012 7.12.0.7708)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xirrus Wi-Fi Inspector
    Xvid Video Codec
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/16/2013 12:58:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Office Software Protection Platform service to connect.
    1/16/2013 12:58:54 PM, Error: Service Control Manager [7000] - The Office Software Protection Platform service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/16/2013 12:57:14 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/16/2013 12:51:57 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/16/2013 12:50:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffffffdc3cbab8, 0x0000000000000002, 0x0000000000000000, 0xfffff880012a2fd7). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011613-54303-01.
    1/16/2013 12:14:29 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    1/13/2013 9:36:17 PM, Error: PCTCore [280] -
    1/12/2013 10:18:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    1/11/2013 7:38:54 PM, Error: NetBT [4321] - The name "2TALLL-PC :0" could not be registered on the interface with IP address 192.168.10.41. The computer with the IP address 192.168.10.46 did not allow the name to be claimed by this computer.
    1/11/2013 7:36:29 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
    1/11/2013 5:04:38 PM, Error: Service Control Manager [7034] - The vToolbarUpdater13.2.0 service terminated unexpectedly. It has done this 1 time(s).
    1/10/2013 8:10:02 AM, Error: Service Control Manager [7034] - The Validity VCS Fingerprint Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  6. 2talll

    Ark.log:
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-16 15:38:20
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596.17GB
    Running: fl9vxukl.exe; Driver: C:\Users\2talll\AppData\Local\Temp\pwdirpod.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x24d000a]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [8A, 71]
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x7197001e]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x7184001e]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x7187001e]}
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    ? C:\Windows\system32\mssprxy.dll [2832] entry point in ".rdata" section 000000006dec71e6
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1612] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076fe1ea8 5 bytes JMP 000000010026f3c0
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x35000a]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x13000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1b000a]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x29000a]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3c000a]}
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x17000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3e000a]}
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x23000a]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1c000a]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x4f000a]}
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3a000a]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    ? C:\Windows\system32\mssprxy.dll [7196] entry point in ".rdata" section 000000006dec71e6
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}

    ---- Threads - GMER 2.0 ----

    Thread C:\Windows\SysWOW64\ntdll.dll [3096:3100] 000000000042007b
    Thread C:\Windows\SysWOW64\ntdll.dll [3096:3104] 00000000004375e0
    Thread C:\Windows\SysWOW64\ntdll.dll [3096:3108] 000000000043a240
    Thread C:\Windows\SysWOW64\ntdll.dll [3096:3128] 000000000040ad70
    Thread C:\Windows\SysWOW64\ntdll.dll [3096:3132] 000000000040a860
    Thread C:\Windows\SysWOW64\ntdll.dll [3096:3140] 0000000000433910
    Thread C:\Windows\SysWOW64\ntdll.dll [3096:3976] 000000000040ac50
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3148] 00000000004cebe4
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3388] 0000000000443ca8
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3392] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3404] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3408] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3412] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3508] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3880] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3932] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3936] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3944] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3948] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3952] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3956] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1520] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1928] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1364] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1244] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:3648] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1408] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1228] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1240] 000000007446eddc
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1372] 000000007446ea7c
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:1160] 000000000b7a2199
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4192] 00000000747011e8
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4196] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4200] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4300] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4304] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4308] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4312] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4316] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4320] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4324] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4328] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4332] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4336] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4340] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4344] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4348] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4352] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4356] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4360] 000000000bdc9b90
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4456] 000000000a7e92f0
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4468] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4476] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:4856] 00000000740f32fb
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:6312] 000000000a8d5e80
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:6316] 000000000a8d5e80
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:6320] 000000000a8d5e80
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:6324] 000000000a8d5e80
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:6328] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7600] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7604] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7608] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7612] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7640] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7644] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7648] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7652] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [3144:7660] 000000000044bf60
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4076] 00000000005dc736
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:3308] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:3316] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:2796] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:2792] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:1456] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:492] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:1368] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4672] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4676] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4680] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4684] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4688] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4692] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4696] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4700] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4704] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4708] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4712] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:4716] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4072:5108] 00000000003360c0
    Thread C:\Windows\SysWOW64\ntdll.dll [4480:4484] 0000000000543368
    Thread C:\Windows\SysWOW64\ntdll.dll [4480:4580] 00000000004446b0
    Thread C:\Windows\SysWOW64\ntdll.dll [4480:4588] 000000000044c7f8
    Thread C:\Windows\SysWOW64\ntdll.dll [4480:4600] 000000000044c7f8
    Thread C:\Windows\SysWOW64\ntdll.dll [4480:4612] 000000000044c7f8
    Thread C:\Windows\SysWOW64\ntdll.dll [4480:4616] 000000000044c7f8

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3096] 0000000077750000
    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3144] 000000000af70000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6012] 000007fefbae0000

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}\[email protected] isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\{4145EB60-6B7E-407A-9941-9748B5167C5C}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{D8520883-445B-44B7-A89E-AC852DB6471F}"?"{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}"?"{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}"?"{826A854E-5EDC-46AE-A5B6-308451BC0F48}"?"{4145EB60-6B7E-407A-9941-9748B5167C5C}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\TCPIP6TUNNEL_{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\TCPIP6TUNNEL_{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\TCPIP6TUNNEL_{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\TCPIP6TUNNEL_{4145EB60-6B7E-407A-9941-9748B5167C5C}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@InterfaceName isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@ReusableType 0

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.0 ----
     
  7. 2talll

    2talll Thread Starter

    Ark.log:
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-16 15:38:20
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596.17GB
    Running: fl9vxukl.exe; Driver: C:\Users\2talll\AppData\Local\Temp\pwdirpod.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x24d000a]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [8A, 71]
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x7197001e]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x7184001e]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x7187001e]}
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    ? C:\Windows\system32\mssprxy.dll [2832] entry point in ".rdata" section 000000006dec71e6
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1612] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076fe1ea8 5 bytes JMP 000000010026f3c0
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x35000a]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x13000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1b000a]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    ? C:\Windows\system32\mssprxy.dll [7196] entry point in ".rdata" section 000000006dec71e6
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}

    ---- Threads - GMER 2.0 ----

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3096] 0000000077750000
    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3144] 000000000af70000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6012] 000007fefbae0000

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}\[email protected] isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\{4145EB60-6B7E-407A-9941-9748B5167C5C}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{D8520883-445B-44B7-A89E-AC852DB6471F}"?"{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}"?"{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}"?"{826A854E-5EDC-46AE-A5B6-308451BC0F48}"?"{4145EB60-6B7E-407A-9941-9748B5167C5C}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\TCPIP6TUNNEL_{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\TCPIP6TUNNEL_{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\TCPIP6TUNNEL_{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\TCPIP6TUNNEL_{4145EB60-6B7E-407A-9941-9748B5167C5C}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@InterfaceName isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@ReusableType 0

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.0 ----
     
  8. 2talll

    2talll Thread Starter

    Ark.log:
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-16 15:38:20
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596.17GB
    Running: fl9vxukl.exe; Driver: C:\Users\2talll\AppData\Local\Temp\pwdirpod.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x24d000a]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [8A, 71]
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x7197001e]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x7184001e]}
    .text C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe[2460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x7187001e]}
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    ? C:\Windows\system32\mssprxy.dll [2832] entry point in ".rdata" section 000000006dec71e6
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[1612] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076fe1ea8 5 bytes JMP 000000010026f3c0
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[3416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\gPhotoShow\ControlSS.exe[4656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x35000a]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Jumi\jumi.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x13000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x10000a]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1b000a]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x29000a]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
     
  9. 2talll

    2talll Thread Starter

    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3c000a]}
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Users\2talll\AppData\Roaming\Dropbox\bin\Dropbox.exe[5832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x17000a]}
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3e000a]}
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe[5420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x23000a]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x1c000a]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[6120] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x4f000a]}
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe[4252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x9000a]}
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe[2036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x28000a]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x3a000a]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe[7544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bb1401 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bb1419 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bb1431 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bb144a 2 bytes [BB, 77]
    .text ... * 9
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bb14dd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bb14f5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bb150d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bb1525 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bb153d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bb1555 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bb156d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bb1585 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bb159d 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bb15b5 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bb15cd 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bb16b2 2 bytes [BB, 77]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[7620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bb16bd 2 bytes [BB, 77]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x30000a]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\Downloads\dds.scr[7196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    ? C:\Windows\system32\mssprxy.dll [7196] entry point in ".rdata" section 000000006dec71e6
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x18000a]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\AppData\Local\Temp\nsrAC85.tmp\PEV.DAT[7188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075af2c91 4 bytes {CALL QWORD [RIP+0x27000a]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos 000000007766cdb4 3 bytes [FF, 25, 1E]
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowPos + 4 000000007766cdb8 2 bytes [A8, 71]
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000077671d34 6 bytes {JMP QWORD [RIP+0x71ae001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000776b092e 6 bytes {JMP QWORD [RIP+0x71a2001e]}
    .text C:\Users\2talll\Downloads\fl9vxukl.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExA 00000000776c6f30 6 bytes {JMP QWORD [RIP+0x71a5001e]}
     
  10. 2talll

    ---- Threads - GMER 2.0 ----

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3096] 0000000077750000
    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\ntdll.dll [3144] 000000000af70000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6012] 000007fefbae0000

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}\[email protected] isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\{4145EB60-6B7E-407A-9941-9748B5167C5C}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{D8520883-445B-44B7-A89E-AC852DB6471F}"?"{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}"?"{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}"?"{826A854E-5EDC-46AE-A5B6-308451BC0F48}"?"{4145EB60-6B7E-407A-9941-9748B5167C5C}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{D8520883-445B-44B7-A89E-AC852DB6471F}?\Device\TCPIP6TUNNEL_{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}?\Device\TCPIP6TUNNEL_{36EA2CD0-5F5A-4FA7-A5A7-3BC7F840C649}?\Device\TCPIP6TUNNEL_{826A854E-5EDC-46AE-A5B6-308451BC0F48}?\Device\TCPIP6TUNNEL_{4145EB60-6B7E-407A-9941-9748B5167C5C}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@InterfaceName isatap.{6270C68A-B555-4800-A15E-5BF2CFA1BCA9}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{29E0C012-6A8D-4F9E-82DE-039946AAA9CA}@ReusableType 0

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.0 ----
     
  11. 2talll

    Can ANYONE help me?
     
Short URL to this thread: https://techguy.org/1085600
