Multiple Adware and Spyware issues

sabba (Thread Starter), joined Jan 29, 2013, messages: 1

Hi,

I have adware on my system. I am not sure if there are any other problems. Please could you have a look at the following logs? I would be grateful.

Thanks, Sabba.

LOGS

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:27, on 29/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Users\sabba\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Vert...51e-b780c8db40c9&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Vert...51e-b780c8db40c9&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Vert...491-5625-4896-951e-b780c8db40c9&searchtype=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Vert...51e-b780c8db40c9&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Vert...51e-b780c8db40c9&searchtype=ds&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\sabba\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Global Startup: E-POP.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.3.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11297 bytes

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by sabba at 18:40:12 on 2013-01-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.4289 [GMT 0:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\NOTEPAD.EXE
c:\program files\windows defender\MpCmdRun.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=GB&userid=36857491-5625-4896-951e-b780c8db40c9&searchtype=hp
uSearch Bar = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=GB&userid=36857491-5625-4896-951e-b780c8db40c9&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=GB&userid=36857491-5625-4896-951e-b780c8db40c9&searchtype=ds&q={searchTerms}
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=GB&userid=36857491-5625-4896-951e-b780c8db40c9&searchtype=ds&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Facebook Update] "C:\Users\sabba\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\E-POP.lnk - C:\Program Files (x86)\Samsung\E-POP\E-POP.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7175F74E-B701-42C9-B8D3-303291C51D18} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7175F74E-B701-42C9-B8D3-303291C51D18}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sabba\AppData\Roaming\mozilla\firefox\Profiles\1gqigqn2.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\sabba\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-12-07 01:13; [email protected]; C:\Users\sabba\AppData\Roaming\Mozilla\Firefox\Profiles\1gqigqn2.default\extensions\[email protected]
FF - ExtSQL: 2012-12-07 01:29; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Users\sabba\AppData\Roaming\Mozilla\Firefox\Profiles\1gqigqn2.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: 2012-12-30 13:28; [email protected]; C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.17
FF - ExtSQL: 2013-01-21 18:52; {f34c9277-6577-4dff-b2d7-7d58092f272f}; C:\Users\sabba\AppData\Roaming\Mozilla\Firefox\Profiles\1gqigqn2.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
FF - ExtSQL: 2013-01-21 19:11; [email protected]; C:\Users\sabba\AppData\Roaming\Mozilla\Firefox\Profiles\1gqigqn2.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2013-01-21 18:53; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-verti
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-3-8 25960]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-12-30 30568]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-3-8 13824]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-14 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-14 995392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-4 135952]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2012-3-8 7680]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-8 2656536]
R2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-30 894920]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-14 1355840]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-11-14 84480]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-14 327168]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-21 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-8 471144]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1340976]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown elhkthrj;elhkthrj; [x]
.
=============== Created Last 30 ================
.
2013-01-29 18:29:18 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD88DCD4-C477-45C0-BA41-8093B751D901}\mpengine.dll
2013-01-21 19:11:45 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-01-21 19:09:41 -------- d-----w- C:\ProgramData\BrowserProtect
2013-01-21 19:09:26 -------- d-----w- C:\ProgramData\Tarma Installer
2013-01-21 19:09:23 -------- d-----w- C:\Users\sabba\AppData\Roaming\Babylon
2013-01-21 19:09:23 -------- d-----w- C:\ProgramData\Babylon
2013-01-21 18:52:51 -------- d-----w- C:\Program Files (x86)\Search Results Toolbar
2013-01-18 00:46:00 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-01-17 15:51:05 -------- d-----w- C:\Users\sabba\AppData\Local\SoftGrid Client
2013-01-17 15:51:03 -------- d-----w- C:\Users\sabba\AppData\Roaming\SoftGrid Client
2013-01-17 15:49:38 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-01-17 15:49:23 -------- d-----w- C:\Users\sabba\AppData\Roaming\TP
2013-01-15 20:49:17 -------- d-----w- C:\Users\sabba\AppData\Roaming\MotioninJoy
2013-01-11 22:12:48 -------- d-----w- C:\Program Files\MotioninJoy
2013-01-11 11:55:04 -------- d-----w- C:\Users\sabba\AppData\Local\CrashDumps
2013-01-08 00:13:21 707728 ----a-w- C:\Program Files (x86)\64Uninstall TelevisionFanatic.dll
2013-01-08 00:13:21 178720 ----a-w- C:\Program Files (x86)\64res.dll
.
==================== Find3M ====================
.
2013-01-10 02:12:17 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 02:12:17 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-30 13:28:22 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
.
============= FINISH: 18:40:48.10 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19/10/2012 16:11:18
System Uptime: 29/01/2013 18:31:18 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 300E4A/300E5A/300E7A/3430EA/3530EA
Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz | CPU | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 271 GiB total, 218.953 GiB free.
D: is FIXED (NTFS) - 404 GiB total, 373.592 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP46: 10/01/2013 11:18:25 - Windows Update
RP47: 15/01/2013 20:51:29 - Device Driver Package Install: www.MotioninJoy.com Microsoft Common Controller For Windows Class
RP48: 19/01/2013 05:18:28 - Windows Update
RP49: 28/01/2013 20:16:34 - Restore Operation
RP50: 28/01/2013 20:54:37 - Windows Update
RP51: 29/01/2013 03:00:10 - Windows Update
RP53: 29/01/2013 04:11:36 - Windows Defender Checkpoint
RP54: 29/01/2013 18:01:12 - Restore Operation
RP55: 29/01/2013 18:27:47 - Windows Update
RP57: 29/01/2013 18:30:26 - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Agatha Christie - Death on the Nile
AVG 2013
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bejeweled 2 Deluxe
Bing Bar
Build-a-lot
Chuzzle Deluxe
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
E-POP
Easy File Share
Easy Migration
Easy Settings
Easy Software Manager
Easy Support Center 1.0
Facebook Video Calling 1.2.0.287
Farm Frenzy
Fotogalerija Windows Live
Funmoods
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
HTC BMP USB Driver
HTC Sync
Insaniquarium Deluxe
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel® PROSet/Wireless WiFi Software
John Deere Drive Green
Junk Mail filter update
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
Multimedia POP
Norton Online Backup
NVIDIA Display Control Panel
NVIDIA Graphics Driver 268.83
NVIDIA Install Application
NVIDIA Optimus 1.0.23
NVIDIA Update Components
Peggle
Penguins!
Plants vs. Zombies
PlayBryte
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pošta Windows Live
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
SISShortcut
Software Launcher
SopCast 3.5.0
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
Visual Studio 2010 x64 Redistributables
Wajam
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
29/01/2013 18:41:07, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
29/01/2013 18:32:28, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.
29/01/2013 18:32:28, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
29/01/2013 18:32:16, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753636.
.
==== End Of File ===========================


Ark

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-29 18:48:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB
Running: nul1se1b.exe; Driver: C:\Users\sabba\AppData\Local\Temp\ugloypog.sys

---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!EnableWindow 00000000764f2da4 5 bytes JMP 000000016c4b9eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007650cbf3 5 bytes JMP 000000016c608fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007650cfca 5 bytes JMP 000000016c411893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!DialogBoxParamA 000000007652cb0c 5 bytes JMP 000000016c608f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007652ce64 5 bytes JMP 000000016c60901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007653fbd1 5 bytes JMP 000000016c608ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007653fc9d 5 bytes JMP 000000016c608e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!MessageBoxExA 000000007653fcd6 5 bytes JMP 000000016c608dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!MessageBoxExW 000000007653fcfa 5 bytes JMP 000000016c608d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000748f93ec 5 bytes JMP 000000016c6091d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007250388e 5 bytes JMP 000000016c609080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000725a7922 5 bytes JMP 000000016c609128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000749a2694 5 bytes JMP 000000016c6093c8
? C:\windows\system32\mssprxy.dll [4372] entry point in ".rdata" section 000000006d5071e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000771825fd 6 bytes JMP 000000016c4d8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077192a63 6 bytes JMP 000000016c479805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\kernel32.dll!CreateThread 0000000074eb34b5 5 bytes JMP 000000016c4775db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateWindowExW 00000000764e8a29 5 bytes JMP 000000016c4e03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateWindowExA 00000000764ed22e 5 bytes JMP 000000016c48363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!GetKeyState 00000000764f291f 5 bytes JMP 000000016c45ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!EnableWindow 00000000764f2da4 5 bytes JMP 000000016c4b9eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CallNextHookEx 00000000764f6285 5 bytes JMP 000000016c4d7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000764f7603 5 bytes JMP 000000016c4b25ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000764fb029 5 bytes JMP 000000016c609358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000764fc63e 5 bytes JMP 000000016c609390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!IsDialogMessage 00000000765050ed 5 bytes JMP 000000016c609a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076505246 5 bytes JMP 000000016c6092e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!EndDialog 000000007650b99c 5 bytes JMP 000000016c609d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!IsDialogMessageW 000000007650c701 5 bytes JMP 000000016c609a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007650cbf3 5 bytes JMP 000000016c608fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007650cfca 5 bytes JMP 000000016c411893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007650eb96 5 bytes JMP 000000016c45ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007650f52b 5 bytes JMP 000000016c4fed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!SendInput 000000007650ff4a 5 bytes JMP 000000016c60a2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateDialogParamW 00000000765110dc 5 bytes JMP 000000016c609320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!SetKeyboardState 00000000765114b2 5 bytes JMP 000000016c60a341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076529cfd 5 bytes JMP 000000016c60a3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!DialogBoxParamA 000000007652cb0c 5 bytes JMP 000000016c608f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007652ce64 5 bytes JMP 000000016c60901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007653fbd1 5 bytes JMP 000000016c608ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007653fc9d 5 bytes JMP 000000016c608e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!MessageBoxExA 000000007653fcd6 5 bytes JMP 000000016c608dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!MessageBoxExW 000000007653fcfa 5 bytes JMP 000000016c608d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!keybd_event 00000000765402bf 5 bytes JMP 000000016c60a2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\ole32.dll!OleLoadFromStream 0000000075f36143 5 bytes JMP 000000016c609784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074893e59 5 bytes JMP 000000016c60987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!VariantClear 0000000074893eae 5 bytes JMP 000000016c6098fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074894731 5 bytes JMP 000000016c6097ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074895dee 5 bytes JMP 000000016c60989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000748f93ec 5 bytes JMP 000000016c6091d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766b5761 5 bytes JMP 000000016cf8f983
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766b5fef 5 bytes JMP 000000016cf8fae7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007250388e 5 bytes JMP 000000016c609080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000725a7922 5 bytes JMP 000000016c609128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\comdlg32.dll!PrintDlgW 00000000749933a3 5 bytes JMP 000000016c60946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000749a2694 5 bytes JMP 000000016c6093c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\comdlg32.dll!PrintDlgA 00000000749ae8ff 5 bytes JMP 000000016c609538
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!closesocket 0000000074e63918 5 bytes JMP 000000016ce36378
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!socket 0000000074e63eb8 5 bytes JMP 000000016ce35683
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000074e64296 5 bytes JMP 000000016ce3583b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!recv 0000000074e66b0e 5 bytes JMP 000000016ce3667c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!connect 0000000074e66bdd 5 bytes JMP 000000016ce35713
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!send 0000000074e66f01 5 bytes JMP 000000016ce35c8e
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000771825fd 6 bytes JMP 000000016c4d8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077192a63 6 bytes JMP 000000016c479805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\kernel32.dll!CreateThread 0000000074eb34b5 5 bytes JMP 000000016c4775db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateWindowExW 00000000764e8a29 5 bytes JMP 000000016c4e03cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateWindowExA 00000000764ed22e 5 bytes JMP 000000016c48363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!GetKeyState 00000000764f291f 5 bytes JMP 000000016c45ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!EnableWindow 00000000764f2da4 5 bytes JMP 000000016c4b9eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CallNextHookEx 00000000764f6285 5 bytes JMP 000000016c4d7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000764f7603 5 bytes JMP 000000016c4b25ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000764fb029 5 bytes JMP 000000016c609358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000764fc63e 5 bytes JMP 000000016c609390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!IsDialogMessage 00000000765050ed 5 bytes JMP 000000016c609a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076505246 5 bytes JMP 000000016c6092e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!EndDialog 000000007650b99c 5 bytes JMP 000000016c609d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!IsDialogMessageW 000000007650c701 5 bytes JMP 000000016c609a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007650cbf3 5 bytes JMP 000000016c608fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007650cfca 5 bytes JMP 000000016c411893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007650eb96 5 bytes JMP 000000016c45ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007650f52b 5 bytes JMP 000000016c4fed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!SendInput 000000007650ff4a 5 bytes JMP 000000016c60a2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateDialogParamW 00000000765110dc 5 bytes JMP 000000016c609320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!SetKeyboardState 00000000765114b2 5 bytes JMP 000000016c60a341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076529cfd 5 bytes JMP 000000016c60a3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!DialogBoxParamA 000000007652cb0c 5 bytes JMP 000000016c608f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007652ce64 5 bytes JMP 000000016c60901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007653fbd1 5 bytes JMP 000000016c608ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007653fc9d 5 bytes JMP 000000016c608e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!MessageBoxExA 000000007653fcd6 5 bytes JMP 000000016c608dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!MessageBoxExW 000000007653fcfa 5 bytes JMP 000000016c608d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!keybd_event 00000000765402bf 5 bytes JMP 000000016c60a2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\ole32.dll!OleLoadFromStream 0000000075f36143 5 bytes JMP 000000016c609784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074893e59 5 bytes JMP 000000016c60987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!VariantClear 0000000074893eae 5 bytes JMP 000000016c6098fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074894731 5 bytes JMP 000000016c6097ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074895dee 5 bytes JMP 000000016c60989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000748f93ec 5 bytes JMP 000000016c6091d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766b5761 5 bytes JMP 000000016cf8f983
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766b5fef 5 bytes JMP 000000016cf8fae7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007250388e 5 bytes JMP 000000016c609080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000725a7922 5 bytes JMP 000000016c609128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\comdlg32.dll!PrintDlgW 00000000749933a3 5 bytes JMP 000000016c60946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000749a2694 5 bytes JMP 000000016c6093c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\comdlg32.dll!PrintDlgA 00000000749ae8ff 5 bytes JMP 000000016c609538
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!closesocket 0000000074e63918 5 bytes JMP 000000016ce36378
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!socket 0000000074e63eb8 5 bytes JMP 000000016ce35683
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000074e64296 5 bytes JMP 000000016ce3583b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!recv 0000000074e66b0e 5 bytes JMP 000000016ce3667c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!connect 0000000074e66bdd 5 bytes JMP 000000016ce35713
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!send 0000000074e66f01 5 bytes JMP 000000016ce35c8e
---- Threads - GMER 2.0 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4056:3124] 000007fefafb2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4056:3980] 000007fef8875124
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b80305a941af
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710749bd
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971179d36
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e8039a807837
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e52fba
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e9b7f3
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b80305a941af (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710749bd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971179d36 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e8039a807837 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e52fba (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e9b7f3 (not active ControlSet)
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
 