
LiveSearchNow Hijacker Removal

Discussion in 'Virus & Other Malware Removal' started by Dokoni, Jan 21, 2013.

    Dokoni Thread Starter

    Please help me remove this Livesearchnow.com virus. T_T Spybot, GooredFix and antivirus scan didn't work. :(

    1. HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:26:27 AM, on 21/01/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
    C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
    C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\jennifer\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\jennifer\Downloads\SavemyComputer\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=100581
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/solidyoutube/{0AC7AD17-6B08-4F56-B940-63F69EF2A86E}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbhelper.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Solid YouTube Downloader and Converter DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll
    O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
    O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [JP595IR86O] C:\Users\jennifer\AppData\Local\Temp\Dxp.exe
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
    O4 - HKCU\..\Run: [EPSON WorkForce 630 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_S2F78.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2206683441-4128516360-3638181318-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2206683441-4128516360-3638181318-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Facebook Messenger.lnk = C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
    O4 - Global Startup: FILSHtray.lnk = C:\Program Files (x86)\FILSHtray\FILSHtray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 18829 bytes

    2. DDS

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: BrowserJavaVersion: 10.10.2
    Run by jennifer at 1:28:20 on 2013-01-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3839.1334 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\Windows\System32\spool\drivers\x64\3\E_IATIGBA.EXE
    C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
    C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe
    C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Windows\explorer.exe
    C:\Windows\explorer.exe
    C:\Users\jennifer\Downloads\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/home?AF=100581
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{0AC7AD17-6B08-4F56-B940-63F69EF2A86E}
    uURLSearchHooks: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbhelper.dll
    mWinlogon: Userinit = userinit.exe
    BHO: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Solid YouTube Downloader and Converter DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll
    TB: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.6\iobitToolbarIE.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [JP595IR86O] C:\Users\jennifer\AppData\Local\Temp\Dxp.exe
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
    uRun: [EPSON WorkForce 630 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_S2F78.tmp" /EF "HKCU"
    uRun: [Akamai NetSession Interface] "C:\Users\jennifer\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Facebook Update] "C:\Users\jennifer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\jennifer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\jennifer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FILSHT~1.LNK - C:\Program Files (x86)\FILSHtray\FILSHtray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 64.71.255.198
    TCP: Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC} : DHCPNameServer = 64.71.255.198
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://acer.msn.com
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\r8n8vqg9.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=100581
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100581
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - def
    FF - user.js: extensions.BabylonToolbar_i.id - 3c11370f00000000000000262d4f2404
    FF - user.js: extensions.BabylonToolbar_i.hardId - 3c11370f00000000000000262d4f2404
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15336
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:19:12
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - std
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-1-21 17720]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-22 353168]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-11-28 793600]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-7-7 821592]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-8-22 103472]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-12-21 6583160]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-12-21 528760]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-26 243232]
    S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-25 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-1 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-30 59392]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-12-21 13312]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-20 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-21 05:48:00 -------- d-s---w- C:\Users\jennifer\Google Drive
    2013-01-21 03:23:42 -------- d-----w- C:\Users\jennifer\AppData\Local\{9635598F-0BD4-46E4-A886-0E31BA0B2608}
    2013-01-20 15:23:21 -------- d-----w- C:\Users\jennifer\AppData\Local\{A851AF06-1690-47D0-880E-D525D1239520}
    2013-01-20 10:10:53 -------- d-----w- C:\Users\jennifer\AppData\Roaming\AVG2013
    2013-01-20 10:09:59 -------- d-----w- C:\Users\jennifer\AppData\Roaming\TuneUp Software
    2013-01-20 10:07:39 -------- d--h--w- C:\$AVG
    2013-01-20 10:07:39 -------- d-----w- C:\ProgramData\AVG2013
    2013-01-20 10:07:24 -------- d-----w- C:\Program Files (x86)\AVG
    2013-01-20 10:05:22 -------- d--h--w- C:\ProgramData\Common Files
    2013-01-20 10:05:22 -------- d-----w- C:\Users\jennifer\AppData\Local\MFAData
    2013-01-20 10:05:22 -------- d-----w- C:\Users\jennifer\AppData\Local\Avg2013
    2013-01-20 10:05:22 -------- d-----w- C:\ProgramData\MFAData
    2013-01-20 03:22:56 -------- d-----w- C:\Users\jennifer\AppData\Local\{A4CB1163-4779-42AB-94FA-002750A537E3}
    2013-01-19 13:30:39 -------- d-----w- C:\Users\jennifer\AppData\Local\{46862A73-7F50-4C34-A229-DF444B0633AD}
    2013-01-19 02:45:49 131072 --sha-r- C:\Windows\SysWow64\mmcbasew.dll
    2013-01-19 01:43:21 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FFD48468-19EF-48BC-A183-7EDBB723255D}\mpengine.dll
    2013-01-19 01:30:29 -------- d-----w- C:\Users\jennifer\AppData\Local\{EC9EA501-E93C-4D25-8537-5D6C88DA0D16}
    2013-01-18 12:23:52 -------- d-----w- C:\Users\jennifer\AppData\Local\{960BB81E-352E-43FA-99E8-505A448AB05B}
    2013-01-18 00:23:30 -------- d-----w- C:\Users\jennifer\AppData\Local\{074A36D8-0B06-4F8F-9141-AA45C5FC9A50}
    2013-01-17 12:23:20 -------- d-----w- C:\Users\jennifer\AppData\Local\{A6356196-359C-413C-8E7F-BF306154700C}
    2013-01-17 00:17:15 -------- d-----w- C:\Users\jennifer\AppData\Local\{32C3CA14-3DE0-4239-8764-EBF4D67B4913}
    2013-01-16 10:10:32 -------- d-----w- C:\Users\jennifer\AppData\Local\{933D2918-1B2B-4584-A878-34C1B318446F}
    2013-01-15 22:10:19 -------- d-----w- C:\Users\jennifer\AppData\Local\{94DA138B-0C71-4F73-AE21-F6F5B3C770E4}
    2013-01-15 08:46:22 -------- d-----w- C:\Users\jennifer\AppData\Local\{6AF800A4-CCD1-4F7D-AC05-8EEC67A262DF}
    2013-01-14 20:46:00 -------- d-----w- C:\Users\jennifer\AppData\Local\{E23F8B8F-1AC0-4BCC-89F7-92DBC1540ABE}
    2013-01-14 08:45:25 -------- d-----w- C:\Users\jennifer\AppData\Local\{73F9B55E-6885-4E8B-8D24-CF83680F0098}
    2013-01-13 20:45:13 -------- d-----w- C:\Users\jennifer\AppData\Local\{3ED26B78-D7BE-4B33-847F-0EAA71B7F0C4}
    2013-01-13 04:20:05 -------- d-----w- C:\Users\jennifer\AppData\Local\{8E7FB457-088F-420C-80EA-443D8E41E1CA}
    2013-01-12 16:19:54 -------- d-----w- C:\Users\jennifer\AppData\Local\{A0D891F8-9147-4537-8422-CFA78EF49994}
    2013-01-11 21:21:48 -------- d-----w- C:\Users\jennifer\AppData\Local\{660DECFB-CD54-41BC-8F48-CB921488F8B6}
    2013-01-11 06:11:05 -------- d-----w- C:\Users\jennifer\AppData\Local\Apple Computer
    2013-01-11 06:07:07 -------- d-----w- C:\Users\jennifer\AppData\Local\Apple
    2013-01-11 06:06:16 -------- d-----w- C:\Users\jennifer\AppData\Local\{1D64DB8D-174A-4E0C-A496-B368FC0E1462}
    2013-01-11 03:01:52 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2013-01-10 18:06:05 -------- d-----w- C:\Users\jennifer\AppData\Local\{8A65571F-1B6E-414F-9A12-9451D7116AA8}
    2013-01-10 18:02:19 -------- d-sh--w- C:\found.002
    2013-01-10 01:19:05 -------- d-----w- C:\Users\jennifer\AppData\Local\{83AF7034-2FD0-414C-832F-F8F04E780F4C}
    2013-01-09 13:18:43 -------- d-----w- C:\Users\jennifer\AppData\Local\{AC09B0FB-9F23-4969-9622-FA1C62972395}
    2013-01-09 01:42:16 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 01:42:16 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 01:42:02 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 01:42:02 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 01:42:01 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 01:42:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 01:42:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-09 01:42:00 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-09 01:40:31 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-09 01:40:29 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-09 01:18:31 -------- d-----w- C:\Users\jennifer\AppData\Local\{FC90FC8B-9CF1-410F-9C46-EB6FB59B840B}
    2013-01-08 11:01:08 -------- d-----w- C:\Users\jennifer\AppData\Local\{38091742-50FA-437C-B998-EF54368D54F2}
    2013-01-07 23:00:57 -------- d-----w- C:\Users\jennifer\AppData\Local\{CBC6ABB2-F696-4585-A7A9-FE90E42E4AF0}
    2013-01-07 08:07:38 -------- d-----w- C:\Users\jennifer\AppData\Local\{ED8006B3-16F8-4AD3-9B6D-D059BFCC227A}
    2013-01-06 20:07:16 -------- d-----w- C:\Users\jennifer\AppData\Local\{DE10451D-D419-48AC-9A22-0105FB94DB88}
    2013-01-06 08:06:54 -------- d-----w- C:\Users\jennifer\AppData\Local\{B538D525-A07A-45B1-82A0-1F4A0298E385}
    2013-01-05 20:06:32 -------- d-----w- C:\Users\jennifer\AppData\Local\{CD6A0129-F2CC-4F93-AB19-7FD5D98A9C29}
    2013-01-05 08:06:09 -------- d-----w- C:\Users\jennifer\AppData\Local\{E5777075-D68C-4134-BB4C-71A45DB14387}
    2013-01-04 20:05:58 -------- d-----w- C:\Users\jennifer\AppData\Local\{578FDF67-BF6C-4F9A-83FA-0373A7AFA657}
    2013-01-04 03:22:10 -------- d-----w- C:\Users\jennifer\AppData\Local\{B49BB081-B0CF-45EB-A64B-01242D0A6CB9}
    2013-01-03 15:21:59 -------- d-----w- C:\Users\jennifer\AppData\Local\{7397B21E-E552-43DF-8A39-EABEA8BFC2FC}
    2013-01-03 02:58:41 -------- d-----w- C:\Users\jennifer\AppData\Local\{675CED9F-B8F0-4DF6-A418-069A0BD2B6FF}
    2013-01-02 14:58:06 -------- d-----w- C:\Users\jennifer\AppData\Local\{C9334A27-1D71-4144-8FF5-8608A1C6DB4E}
    2013-01-02 02:57:44 -------- d-----w- C:\Users\jennifer\AppData\Local\{5BE4F006-71D0-4118-A425-5B864AAD661B}
    2013-01-01 14:57:33 -------- d-----w- C:\Users\jennifer\AppData\Local\{4320B049-E7CC-4C78-ACF9-B65C6E74D2FC}
    2013-01-01 01:03:18 -------- d-----w- C:\Users\jennifer\AppData\Local\{BA29DD98-760B-4176-9708-77D6AC675E33}
    2012-12-31 13:03:07 -------- d-----w- C:\Users\jennifer\AppData\Local\{CD461BA6-D96B-41AF-B3A4-BCF5889B8864}
    2012-12-30 16:40:49 -------- d-----w- C:\Users\jennifer\AppData\Local\{C5698774-52EC-4143-9832-27A60E93ADB1}
    2012-12-30 04:40:34 -------- d-----w- C:\Users\jennifer\AppData\Local\{B594A0C8-1FFA-4EA7-BFED-1D7BF51EC007}
    2012-12-29 15:15:41 -------- d-----w- C:\Users\jennifer\AppData\Local\{CB149706-632D-4CFA-8C51-64A0538CD393}
    2012-12-29 03:15:19 -------- d-----w- C:\Users\jennifer\AppData\Local\{3681B97E-3F8C-4944-BEEB-A7C55D5B7AF6}
    2012-12-28 15:15:08 -------- d-----w- C:\Users\jennifer\AppData\Local\{1488D0EF-49D5-4D02-8A0A-A0B4DA4AEDF1}
    2012-12-28 15:11:49 -------- d-----w- C:\Users\jennifer\AppData\Local\{EF366975-11C9-48ED-9443-C940DEDEEE61}
    2012-12-28 15:08:26 -------- d-----w- C:\Users\jennifer\AppData\Local\{118D74A8-B765-43D4-BEEF-3B82443C76A6}
    2012-12-27 20:31:46 -------- d-----w- C:\Users\jennifer\AppData\Local\{BA6DFB9E-8BCD-4DC8-89C7-A6D01500CDC4}
    2012-12-27 08:17:09 -------- d-----w- C:\Users\jennifer\AppData\Local\{6998DFD4-77F2-4910-B870-72B13BFFC755}
    2012-12-26 20:16:47 -------- d-----w- C:\Users\jennifer\AppData\Local\{B90BCB1B-C2B1-4CBA-AA20-6A2AB07B00B9}
    2012-12-26 08:16:24 -------- d-----w- C:\Users\jennifer\AppData\Local\{48B30C69-F0EC-4B12-9B6A-120981591FAB}
    2012-12-25 20:16:02 -------- d-----w- C:\Users\jennifer\AppData\Local\{29A4CF81-0F71-4314-92BD-72DD384F6B06}
    2012-12-25 08:15:51 -------- d-----w- C:\Users\jennifer\AppData\Local\{84EEAE94-3CCD-45D0-A96F-6DF8C34BFC53}
    2012-12-24 15:58:19 -------- d-----w- C:\Users\jennifer\AppData\Local\{EBB6EF5D-994C-4E09-BEA8-B42DA8F7BA2A}
    2012-12-24 03:58:08 -------- d-----w- C:\Users\jennifer\AppData\Local\{8AEA70F3-0ECC-40CF-83DA-B5E578D721B3}
    2012-12-23 12:51:39 -------- d-----w- C:\Users\jennifer\AppData\Local\{09E49B87-D0D2-4793-9F42-CCB10E689F5A}
    2012-12-23 00:51:29 -------- d-----w- C:\Users\jennifer\AppData\Local\{9BB3DBFA-83D8-4C8F-8CAC-BC36C8A7972C}
    2012-12-22 08:42:04 -------- d-----w- C:\Users\jennifer\AppData\Local\{CCCEF9F7-0F45-4D2D-A6D9-8745EDE8331B}
    .
    ==================== Find3M ====================
    .
    2013-01-09 01:37:51 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 01:37:51 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-21 08:57:50 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-21 08:57:50 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-12-21 08:57:50 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-18 08:48:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-11-18 08:48:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2006-05-03 17:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 18:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 20:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
    2010-01-07 05:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
    .
    ============= FINISH: 1:30:03.22 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 19/01/2011 4:42:38 PM
    System Uptime: 20/01/2013 3:11:01 PM (10 hours ago)
    .
    Motherboard: Acer | | Aspire X3400
    Processor: AMD Athlon(tm) II X3 445 Processor | CPU 1 | 3100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 914 GiB total, 794.603 GiB free.
    D: is CDROM (CDFS)
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&47E29E2&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&47E29E2&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP267: 11/01/2013 1:07:46 AM - Installed QuickTime
    RP268: 11/01/2013 3:00:16 AM - Windows Update
    RP269: 15/01/2013 5:21:26 PM - Windows Update
    RP270: 18/01/2013 8:41:52 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    18 Wheels of Steel - American Long Haul
    Acer Arcade Deluxe
    Acer Arcade Movie
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop Lightroom 4.1 64-bit
    Adobe Reader XI (11.0.01)
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Advanced SystemCare 4
    Advertising Center
    Agatha Christie - Death on the Nile
    AHV content for Acrobat and Flash
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Any Video Converter Professional 3.3.2
    Apple Application Support
    Apple Software Update
    AVG 2013
    Babylon
    Bamboo
    Bamboo Dock
    Bejeweled 2 Deluxe
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    Blackhawk Striker 2
    Build-a-lot 2
    Chuzzle Deluxe
    CutePDF Writer 2.8
    D3DX10
    Diner Dash 2 Restaurant Rescue
    DivX Setup
    Dora's Carnival Adventure
    DragonNest
    Dream Video Converter Ultimate 4.3.8
    Dropbox
    eBay Worldwide
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 630 Series Printer Uninstall
    Facebook Messenger 2.1.4651.0
    FATE
    FILSHtray
    FireArc Arcade
    Google Chrome
    Google Drive
    Google Update Helper
    HandBrake 0.9.5
    Hotkey Utility
    Identity Card
    ImagXpress
    IObit Malware Fighter
    IObit Toolbar v6.6
    IZArc 4.1.2
    Java 7 Update 10
    Java Auto Updater
    Java(TM) 6 Update 29
    Jewel Quest - Heritage
    Jewel Quest Solitaire 2
    John Deere Drive Green
    Junk Mail filter update
    MapleStory
    McAfee SiteAdvisor
    MediaShow Espresso
    Messenger Companion
    Messenger Plus! 5
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MKV Converter Studio V2.0.2
    Mozilla Firefox 18.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    MyWinLocker Suite
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    Nexon Game Manager
    Norton Online Backup
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    PaintTool SAI Ver.1
    Pando Media Booster
    PDF Settings
    Penguins!
    Plants vs. Zombies
    Polar Bowler
    Polar Golfer
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Shredder
    Skype Toolbars
    Skype™ 6.0
    Smart Defrag 2
    Solid YouTube Downloader and Converter DB Toolbar
    Spybot - Search & Destroy
    SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vegas Pro 11.0
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.5
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinX Video Converter 4.5.11
    Wondershare Photo Recovery (build 3.0.3)
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    21/01/2013 12:11:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    20/01/2013 4:55:58 AM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    18/01/2013 8:30:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    18/01/2013 8:30:16 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
    16/01/2013 7:59:00 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================


    3. GMER

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-21 03:13:50
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 WDC_WD10 rev.80.0 931.51GB
    Running: t423tk5j.exe; Driver: C:\Users\jennifer\AppData\Local\Temp\awddrkog.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4148] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    ? C:\Windows\system32\mssprxy.dll [4680] entry point in ".rdata" section 000000006f6a71e6
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ff1401 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ff1419 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ff1431 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ff144a 2 bytes [FF, 76]
    .text ... * 9
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ff14dd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ff14f5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ff150d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ff1525 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ff153d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ff1555 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ff156d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ff1585 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ff159d 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ff15b5 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ff15cd 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ff16b2 2 bytes [FF, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ff16bd 2 bytes [FF, 76]

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe [2244:3508] 0000000071171854
    Thread C:\Windows\system32\svchost.exe [2432:4272] 000007feeb385f1c
    Thread C:\Windows\system32\svchost.exe [2432:4664] 000007feeb2e8470
    Thread C:\Windows\system32\svchost.exe [2432:1572] 000007feeb2f2418
    Thread C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2952:1832] 000007fefa592a7c
    Thread C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2952:3344] 000007fefa776204
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4884:2688] 000007fefa592a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4884:1716] 000007fef5bc5124
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:5548] 0000000077072e25
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:2612] 00000000764ad864
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:2740] 0000000077073e45
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:3088] 0000000077073e45
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:3224] 0000000065978f48
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:1212] 00000000764ad864
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:4988] 00000000725c345e
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:3840] 00000000718162ee
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:4900] 00000000658b0c8d
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:768] 0000000077073e45
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:2672] 0000000064a98408
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:2720] 0000000076aa97be
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:4788] 0000000077073e45
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:2824] 0000000072aa32fb
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:4864] 0000000076aae44f
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:3676] 0000000077073e45
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:6972] 0000000077073e45
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:5432] 00000000764ad864
    Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [5556:5484] 0000000077073e45
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe [2244] 0000000072300000
    Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2432] 000007fef9c10000
    Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2912] 000007fefb100000
    Library ? (*** suspicious ***) @ C:\Windows\System32\WUDFHost.exe [3916] 000007fef8640000
    Library ? (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2952] 000007fefc4a0000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4884] 000007fefc060000

    ---- EOF - GMER 2.0 ----
     
  2. Dokoni

    Dokoni Thread Starter

    Sorry I'm posting again so soon, but I didn't describe the problem in enough detail. When I click on a Google link in Firefox, sometimes LiveSearchNow redirects me to a random page that is blank. And on Chrome, some links I clicked on Google didn't load.
     
  3. Dokoni

    Dokoni Thread Starter

  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,632
    Hi Dokoni,
    Quite a bit to do here in the beginning.
    Please do each task in the sequence given. Just take one at a time.
    Please don't perform any scans, or install or delete anything, unless I ask, until we are finished cleaning.
    -------------------------------------------------------------------
    Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
    Temporarily Disable Spybot's TeaTimer Protection
    Start Spybot Search & Destroy
    In the top menu, click Mode
    Check Advanced Mode if it is not already checked. OK the selection if necessary.
    In the bottom of the left pane, click on Tools
    From the new left pane list, click on Resident
    Uncheck the box in the middle labeled Resident "TeaTimer"(Protection of overall system settings) active.
    From the top menu, click on File, Exit.
    -----------------------------------------------------------
    Download the Microsoft Security Essentials Installer
    The download is here: http://www.microsoft.com/security_essentials/
    Save it to your desktop, and make sure you can find it, but don't run it yet.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Advanced SystemCare 4
    AVG 2013
    Babylon
    IObit Malware Fighter
    IObit Toolbar v6.6
    Java 7 Update 10
    Java Auto Updater
    Java(TM) 6 Update 29
    Pando Media Booster
    Smart Defrag 2
    SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49

    Please do all these Uninstalls, and DO NOT surf the Internet in between.
    Rebooting in between removals is OK if necessary.
    You may get antivirus warnings from Windows. Just ignore. We will fix that.
    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -----------------------------------------------------------
    Install Microsoft Security Essentials
    Double Click the icon for the Microsoft Security Essentials installer on your desktop.
    Let it install, update itself, run a scan and delete anything it finds.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator" to run it.
    • Check the box at the top, labeled Include 64 bit scans
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    askey127
     
  5. Dokoni

    Dokoni Thread Starter

    It won't scan with OTL. :( It freezes at scanning Firefox settings. And the only thing I had open was sticky notes, which I can't close.
    Also, I stopped getting redirected these past couple of days for some reason. But my internet is a bit slow. I believe livesearchnow is still on my computer though.
     
  6. askey127

    askey127 Malware Specialist

    Dokoni,
    ---------------------------------------------
    Run CKScanner
    Download CKScanner from HERE
    Important - Save it to your desktop.
    Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
    After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
    A message box will verify the file saved. Please run the program just once.
    Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
    -----------------------------------------------------------
    Download and Run ComboFix
    IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
    ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
    You will need to disable all your antivirus software BEFORE running ComboFix.
    .
    • Download ComboFix from here
    • Rename it while saving the download as zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or an infection may prevent you from using it.
      **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
    • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
    • OK any disclaimers and start the Scan.
    • Do not touch the computer AT ALL while ComboFix is running.
    • It will run through about 50 tasks, and take a while to assemble the report.
      When finished, the report will open. Post the log in your next reply, and then re-enable the real-time protection in the Microsoft Security Essentials software.
    A copy of the log will be located here if you need it-> C:\ComboFix.txt
    If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

    So we are looking for the logs from CKScanner and Combofix.
    askey127
     
  7. Dokoni

    Dokoni Thread Starter

    Do I google search another download link for ComboFix? The one you gave me doesn't work.

    CKScanner log:

    CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11.CRAPTC
    ----- EOF -----
     
  8. askey127

    askey127 Malware Specialist

    Dokoni,
    OK. That Combofix site is not working for me either.
    ------------------------------------------------
    Download and Run Rkill
    Please download and run the tool named Rkill, which may help in allowing other programs to run.
    There are different versions with different names. If one of them won't run, then download and try to run one of the other ones.
    After the download, Vista and Win7 users will need to right click the icon and choose Run as Administrator. XP users can just double-click.
    You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools. Either ignore the warnings or shut down your antivirus.
    Please download Rkill from one of the following links (note the different names) and save to your Desktop:
    iExplore.exe
    Rkill.exe
    eXplorer.exe
    RKill.com
    RKill.scr
    Rkill.pif
    uSeRiNiT.exe
    • Double-click on the iExplore, Rkill, eXplorer, or uSeRiNiT desktop icon to run the tool. (If using Vista or Windows 7, right-click on it and choose Run As Administrator.)
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. You can go to the next step below.
    • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
    • If it doesn't run on the first try, please try to run it another two or three times.
    • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided after trying each a few times, please let me know.
    -------------------------------------------------
    Please download RogueKiller.exe and save it to your desktop.

    Run RogueKiller
    • First, quit all running programs.
    • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
    • Note: If the program is blocked, do not hesitate to try several times.
      If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
    • Wait until prescan has finished.
    • Click on the Scan button in the upper right. Wait for it to finish.
    • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
    • Please double click that file RKreport.txt and post its contents in your next Reply.
      (You can also open the report by clicking the Report button on the right).
    • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
    -------------------------------------------------------------
    AdwCleaner Download
    Please download AdwCleaner from HERE and save it to your desktop or somewhere you can find it.
    -------------------------------------------------------------
    AdwCleaner Scan
    • Close all open programs and internet browsers.
    • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
    • Click on the Search button.
    • When the results log pops up, please copy and paste the contents in your reply.
    The log file is saved in the C: drive main directory with this filepath: C:\AdwCleaner[R1].txt. (x in the filename represents the run number)
    When you close/exit adwCleaner, if you get a message about not performing any Deletions, that's OK. We need to evaluate the scan log first.

    So we are looking for the logs from RogueKiller and adwCleaner.
    askey127
     
  9. Dokoni

    Dokoni Thread Starter

    Rogue Killer log:

    RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : jennifer [Admin rights]
    Mode : Scan -- Date : 01/31/2013 20:34:43
    | ARK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] FacebookMessenger.exe -- C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : JP595IR86O (C:\Users\jennifer\AppData\Local\Temp\Dxp.exe) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2206683441-4128516360-3638181318-1000[...]\Run : JP595IR86O (C:\Users\jennifer\AppData\Local\Temp\Dxp.exe) -> FOUND
    [TASK][SUSP PATH] {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job : C:\Users\jennifer\AppData\Local\Temp\Dxr.exe -> FOUND
    [TASK][SUSP PATH] {62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job : C:\Windows\Dbejua.exe -> FOUND
    [TASK][SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\Users\jennifer\AppData\Local\Temp\Dxp.exe -> FOUND
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
    [STARTUP][SUSP PATH] Facebook Messenger.lnk @jennifer : C:\Users\jennifer\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD10 EARS-22Y5B1 SCSI Disk Device +++++
    --- User ---
    [MBR] 6878e0928dc890a1839f29b93865b899
    [BSP] 9ecc7c73e0c59a98c85ff7b4d12c2dd1 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 36866048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37070848 | Size: 935767 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_01312013_02d2034.txt >>
    RKreport[1]_S_01312013_02d2034.txt


    adwCleaner log:

    # AdwCleaner v2.109 - Logfile created 01/31/2013 at 20:38:08
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : jennifer - JENNIFER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\jennifer\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\user.js
    File Found : C:\Users\Public\Desktop\eBay.lnk
    Folder Found : C:\Program Files\Babylon
    Folder Found : C:\Users\jennifer\AppData\Local\Temp\BabylonToolbar
    Folder Found : C:\Users\jennifer\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\jennifer\AppData\LocalLow\Toolbar4

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/home?AF=100581
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/home?AF=100581&babsrc=NT_def
    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/solidyoutube/{0AC7AD17-6B08-4F56-B940-63F69EF2A86E}

    -\\ Mozilla Firefox v18.0.1 (en-GB)

    File : C:\Users\jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\r8n8vqg9.default\prefs.js

    Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/home?AF=100581");
    Found : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
    Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100581");
    Found : user_pref("extensions.BabylonToolbar_i.hardId", "3c11370f00000000000000262d4f2404");
    Found : user_pref("extensions.BabylonToolbar_i.id", "3c11370f00000000000000262d4f2404");
    Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15336");
    Found : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
    Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100581&babsrc=NT_d[...]
    Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Found : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
    Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:19:12");
    Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Found : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"7\": {\"id\": \"7\",\"title[...]
    Found : user_pref("extensions.ntk.recentClosedPers", "hxxp://www.babylon.com/redirects/redir.cgi?type=postun[...]

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\jennifer\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [11064 octets] - [31/01/2013 20:38:08]

    ########## EOF - C:\AdwCleaner[R1].txt - [11125 octets] ##########
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,632
    Dokoni,
    Combofix was off the air for a while. Should be OK now.
    -------------------------------------------------------------
    AdwCleaner Removals
    • Close all open programs and internet browsers.
    • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
    • This time, click on the Delete button.
    • Click OK to the prompts.
    • Your computer will be rebooted automatically. A log will open after the restart.
    • Post the contents of the log in your next reply.
    You can also find the log in the main directory of the C: drive as C:\AdwCleaner[S1].txt
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -----------------------------------------------------------
    Download and Run ComboFix
    IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
    ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
    You will need to disable all your antivirus software BEFORE running ComboFix.
    .
    • Download ComboFix from here
    • Rename it while saving the download as zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or an infection may prevent you from using it.
      **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
    • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
    • OK any disclaimers and start the Scan.
    • Do not touch the computer AT ALL while ComboFix is running.
    • It will run through about 50 tasks, and take a while to assemble the report.
      When finished, the report will open. Post the log in your next reply, and then re-enable your protection software.
    A copy of the log will be located here if you need it-> C:\ComboFix.txt
    If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

    askey127
     
Short URL to this thread: https://techguy.org/1086205