
Random Freezes and BSOD on my laptop

Discussion in 'Virus & Other Malware Removal' started by icbarefoot, Jun 29, 2013.

  1. icbarefoot

    icbarefoot Thread Starter

    I am running Windows 7 on my computer and it is running kind of sluggish and also intermittently crashing. Also the screen will go dark like it's asleep and won't come back on until I force a manual reboot, but the lights are all on and tapping the power button or keys does nothing. I have run Panda anti-virus and Malwarebytes so far. The former turned up some viruses, but the computer still crashes and I want to be sure it is not malware. Also, sometimes the computer dims and takes a while to come back on, like it needs to process.

    But the worst part is that, in addition to the freezing, I have intermittently been getting the Blue Screen of Death with increasing frequency. I don't think the code is always the same. I don't have it because I was too slow the last two times, but I will get a picture when/if it happens again and post it, provided my computer is still running. I'm not sure if it is malware or a hardware problem, but I have been unable to fix it with updates and drivers so far.

    Another thing that happened the other day is the taskbar disappeared; only the round Windows start button is there now. I've rebooted and it's the same. Usually it's there at first, but at some point it goes away.

    Thanks!

    Here are my logs

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:09:27 AM, on 6/29/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16611)
    Boot mode: Normal

    Running processes:
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Users\ION\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\ION\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=F30917C6F77071C5C8F97D51B1E7DABE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
    O1 - Hosts: 216.239.32.20 www.google.ae # bck9
    O1 - Hosts: 216.239.32.20 www.google.at # bck9
    O1 - Hosts: 216.239.32.20 www.google.be # bck9
    O1 - Hosts: 216.239.32.20 www.google.ca # bck9
    O1 - Hosts: 216.239.32.20 www.google.ch # bck9
    O1 - Hosts: 216.239.32.20 www.google.cl # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
    O1 - Hosts: 216.239.32.20 www.google.com # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ph # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.sg # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.tr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.tw # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ua # bck9
    O1 - Hosts: 216.239.32.20 www.google.de # bck9
    O1 - Hosts: 216.239.32.20 www.google.dk # bck9
    O1 - Hosts: 216.239.32.20 www.google.es # bck9
    O1 - Hosts: 216.239.32.20 www.google.fi # bck9
    O1 - Hosts: 216.239.32.20 www.google.fr # bck9
    O1 - Hosts: 216.239.32.20 www.google.it # bck9
    O1 - Hosts: 216.239.32.20 www.google.lt # bck9
    O1 - Hosts: 216.239.32.20 www.google.lv # bck9
    O1 - Hosts: 216.239.32.20 www.google.nl # bck9
    O1 - Hosts: 216.239.32.20 www.google.pl # bck9
    O1 - Hosts: 216.239.32.20 www.google.pt # bck9
    O1 - Hosts: 216.239.32.20 www.google.ro # bck9
    O1 - Hosts: 216.239.32.20 www.google.ru # bck9
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    O4 - HKCU\..\Run: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B00333A6B577007C6B47730655C29106] "C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\ION\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0
    O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user')
    O4 - Startup: Dropbox.lnk = ION\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\ION\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    O8 - Extra context menu item: Download by FlashGet3 - C:\Users\ION\AppData\Roaming\FlashGetBHO\GetUrl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 20622 bytes


    DDS----

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.7.2
    Run by ION at 10:07:50 on 2013-06-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3384 [GMT -5:00]
    .
    AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\ION\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\ION\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\ION\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=F30917C6F77071C5C8F97D51B1E7DABE
    uDefault_Page_URL = hxxp://www.dell.com
    mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [AdobeBridge] <no file>
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [FAStartup] <no file>
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
    dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f
    dRunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
    dRunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f
    StartupFolder: C:\Users\ION\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all by FlashGet3 - C:\Users\ION\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - C:\Users\ION\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\16474777966696 : DHCPNameServer = 10.128.52.129 64.134.255.2 64.134.255.10
    TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\2416275666F6F647E45647 : DHCPNameServer = 72.19.128.99 208.68.50.70 208.68.50.71
    TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\27574786965626F6E64656C6 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\64C45485943535 : DHCPNameServer = 192.168.3.100
    TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\6656277647F677E6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D09D16B0-1B54-4C80-AB61-B6A07B36BFBA}\74A434F6E63757C64796E676 : DHCPNameServer = 69.145.232.4 69.144.49.30 69.146.17.3
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 216.239.32.20 www.google.ae # bck9
    Hosts: 216.239.32.20 www.google.at # bck9
    Hosts: 216.239.32.20 www.google.be # bck9
    Hosts: 216.239.32.20 www.google.ca # bck9
    Hosts: 216.239.32.20 www.google.ch # bck9
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\ION\AppData\Roaming\Mozilla\Firefox\Profiles\hd4303be.default\
    FF - prefs.js: browser.search.defaulturl - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=F30917C6F77071C5C8F97D51B1E7DABE
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=5b97eeb3&tbp=url&toolbarid=pandasecuritytb&u=F30917C6F77071C5C8F97D51B1E7DABE&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\ION\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\ION\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Users\ION\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
    FF - plugin: C:\Users\ION\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\ION\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\ION\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\ION\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=010712_4
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - b84571680000000000008ca9827b1769
    FF - user.js: extensions.BabylonToolbar_i.hardId - b84571680000000000008ca9827b1769
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15531
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:54:20
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-11-20 30056]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-5 55856]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-6-5 21616]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-5 45856]
    R1 bckd;bckd;C:\Windows\System32\drivers\bckd.sys [2012-2-13 108304]
    R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
    R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
    R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
    R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
    R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
    R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
    R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
    R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
    R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
    R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
    R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
    R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
    R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
    R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-11-20 284008]
    R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-16 98208]
    R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-14 13336]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-5-28 140768]
    R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
    R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-5-28 122088]
    R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
    R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
    R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-5-28 37344]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-5 1692480]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-9-1 5790064]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-5 2656280]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
    R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-6-6 1015984]
    R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-6-5 27760]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-6-5 175168]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-5 317440]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-5 82432]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-5 181760]
    R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-6-26 58808]
    R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-6-5 29288]
    R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-13 565352]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-5 158976]
    S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-12-19 29184]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-6-5 121960]
    S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
    S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]
    S3 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-9-1 487280]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-9-1 18288]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S4 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-10-20 131912]
    .
    =============== Created Last 30 ================
    .
    2013-06-29 14:31:02 -------- d-----w- C:\Users\ION\AppData\Local\Ashisoft
    2013-06-29 14:25:03 -------- d-----w- C:\Users\ION\AppData\Roaming\Ashisoft
    2013-06-29 14:24:47 -------- d-----w- C:\Program Files (x86)\Duplicate Finder
    2013-06-29 03:36:47 -------- d-----w- C:\adobeTemp
    2013-06-28 20:08:08 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BF73E8F-CE19-46A2-8565-FFCF03A2D1D3}\offreg.dll
    2013-06-28 19:22:51 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BF73E8F-CE19-46A2-8565-FFCF03A2D1D3}\mpengine.dll
    2013-06-26 05:09:22 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
    2013-06-21 04:15:04 -------- d-----w- C:\Program Files (x86)\pandasecuritytb
    2013-06-20 20:38:20 -------- d-----w- C:\Users\ION\AppData\Local\ElevatedDiagnostics
    2013-06-20 08:01:45 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-06-20 04:33:35 -------- d-----w- C:\Users\ION\AppData\Roaming\BlackMesa
    2013-06-20 04:07:10 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-17 08:00:59 -------- d-----w- C:\Windows\CheckSur
    2013-06-13 02:42:29 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-06-13 02:42:29 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-06-13 02:41:42 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-06-13 02:41:42 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-06-13 02:24:41 -------- d-----w- C:\Users\ION\AppData\Local\panda4_0dn
    2013-06-07 14:03:40 -------- d-----w- C:\ProgramData\blekko toolbars
    2013-06-06 13:46:06 -------- d-----w- C:\Users\ION\AppData\Roaming\Pattycake_Blue_Goo
    2013-06-05 17:45:40 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
    2013-06-05 17:43:49 -------- d-----w- C:\Program Files\My Dell
    2013-06-05 16:28:59 825752 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    .
    ==================== Find3M ====================
    .
    2013-06-29 00:06:11 2688232 ----a-w- C:\Windows\Lucid Dreaming Screensaver.scr
    2013-06-13 02:43:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-13 02:43:08 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-06-06 15:51:36 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-05-29 22:16:45 137448 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
    2013-05-29 10:55:24 246504 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
    2013-05-29 10:55:24 106216 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
    2013-05-29 10:55:23 118504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
    2013-05-29 10:55:23 114920 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
    2013-05-29 10:55:22 69864 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
    2013-05-29 10:55:22 305896 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
    2013-05-29 10:55:22 119016 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
    2013-05-29 10:55:21 95464 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
    2013-05-29 10:55:21 114920 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
    2013-05-29 10:55:21 109288 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
    2013-05-29 10:55:20 91368 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
    2013-05-29 10:55:20 122088 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
    2013-05-28 16:25:41 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
    2013-05-28 16:25:40 205544 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
    2013-05-28 16:25:40 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
    2013-05-28 16:25:05 122088 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
    2013-05-28 16:25:04 168680 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
    2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-05-08 12:23:49 114280 ----a-w- C:\Windows\SysWow64\acaptuser32.dll
    2013-05-07 19:29:42 36584 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
    2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 10:08:43.36 ===============

    ATTACH
    -------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/12/2011 2:07:06 AM
    System Uptime: 6/29/2013 9:42:57 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0NJT03
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 684 GiB total, 231.763 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    L: is FIXED (NTFS) - 93 GiB total, 70.099 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP306: 6/24/2013 10:39:48 PM - Windows Update
    RP307: 6/24/2013 11:26:35 PM - Windows Update
    RP308: 6/24/2013 11:31:20 PM - Windows Update
    RP309: 6/25/2013 8:03:29 AM - Windows Update
    RP310: 6/26/2013 3:01:29 AM - Windows Update
    RP311: 6/27/2013 3:01:23 AM - Windows Update
    RP312: 6/28/2013 3:03:10 AM - Windows Update
    RP313: 6/28/2013 7:05:20 AM - Windows Backup
    RP314: 6/28/2013 3:55:34 PM - Removed OpenVPN Client
    RP315: 6/29/2013 3:00:20 AM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    360Amigo System Speedup PRO
    7-Zip 9.20 (x64 edition)
    AccelerometerP11
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9.5.5 - CPSID_83708
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Community Help
    Adobe Content Viewer
    Adobe Default Language CS3
    Adobe Digital Editions
    Adobe Download Assistant
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3 Icon Handler
    Adobe InDesign CS5
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS5
    Adobe Reader X (10.1.7) MUI
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Advanced Audio FX Engine
    AFPL Ghostscript 8.54
    AFPL Ghostscript Fonts
    AHV content for Acrobat and Flash
    Alien Swarm
    All Zombies Must Die!
    Anomaly Warzone Earth Demo
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Artisteer 3
    Arx Fatalis
    AVS Update Manager 1.0
    Aztaka Demo
    Bamboo
    Batman: Arkham Asylum GOTY Edition
    Beat Hazard
    BioShock
    BioShock 2
    BIT.TRIP RUNNER
    Blender
    Blue Coat K9 Web Protection
    Bonjour
    Bos Wars
    Boxoft WMA to WAV Converter (freeware)
    Brink
    Byte Red Timer
    Camfrog Video Chat 6.2
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator 3.1
    Canon MX870 series MP Drivers
    Capsized - Demo
    Castle Crashers
    Combat Arms
    ConnectWise Internet Client
    Consumer In-Home Service Agreement
    Cozi
    Crysis(R)
    D3DX10
    Darkspore Demo
    Dawn of War Demo
    Dead Space
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell VideoStage
    Dell Webcam Central
    Desura
    DirectX 9 Runtime
    DivX Setup
    DriverUpdate
    Dropbox
    Dungeon Defenders
    Duplicate Finder
    EasyBits GO
    eBay
    Epson Event Manager
    EPSON Scan
    Eufloria
    Evernote v. 4.5.10
    F.E.A.R. 2: Project Origin
    Fable III
    Facebook Video Calling 1.0.0.8526
    Facebook Video Calling 1.0.0.8714
    Facebook Video Calling 1.0.0.8953
    Facebook Video Calling 1.1.0.13
    Facebook Video Calling 1.1.1.1
    Facebook Video Calling 1.2.0.159
    Facebook Video Calling 1.2.0.287
    Fallout 3 - Game of the Year Edition
    FileZilla Client 3.5.3
    FlashGet 3.7
    Free WMA to MP3 Converter 1.16
    From Dust
    GameSpy Comrade
    Glest 3.2.2
    GoodSync
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPL Ghostscript
    GraphicsGale FreeEdition version 1.93.18
    H&R Block Colorado 2010
    H&R Block Deluxe + Efile + State 2010
    Hacker Evolution Duality Demo
    Half-Life
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    I-Doser Free
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor 2.0
    Intel(R) Wireless Display
    Internet Explorer
    IrfanView (remove only)
    iTunes
    Java 7 Update 7
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24 (64-bit)
    Java(TM) 6 Update 29
    JavaFX 2.1.1
    Junk Mail filter update
    Killing Floor
    Killing Floor Mod: Defence Alliance 2
    Kobo
    Lame ACM MP3 Codec
    Last.fm 1.5.4.27091
    Left 4 Dead
    Left 4 Dead 2
    LIMBO Demo
    Lucid Dream Preparation
    Lucid Dreaming Kit
    Lucid Dreaming Screensaver
    Machinarium
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Morrowind
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Fusion 2
    My Dell
    NoteTab Light 6 (Remove only)
    Nuclear Dawn
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA Optimus 1.10.8
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Oblivion
    OpenAL
    OpenOffice.org 3.3
    PaintTool SAI Ver.1
    Panda Cloud Antivirus
    Panda Security Toolbar
    Panda Security URL Filtering
    PDF Settings
    Pdf995 (installed by H&R Block)
    PDFCreator
    PdfEdit995 (installed by H&R Block)
    PhotoShowExpress
    Portal
    Portal 2
    PunkBuster Services
    Quickset64
    QuickTime
    RAGE
    RBVirtualFolder64Inst
    Reality Check
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    RoboForm 7-8-0-5 (All Users)
    RockMelt
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    SBaGen 1.4.4
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype Toolbars
    Skype™ 6.5
    SlimCleaner
    SlimDrivers
    Sonic CinePlayer Decoder Pack
    Soul Reaver 2 (remove only)
    Source SDK Base 2006
    Source SDK Base 2007
    Spiral Knights
    Star Wars: Knights of the Old Republic
    StarCraft II
    StartNow Toolbar
    Steam
    Stratagus (64 bit)
    Synaptics Pointing Device Driver
    System Requirements Lab CYRI
    Team Fortress 2
    Team Fortress 2 Beta
    TES Construction Set
    The Path - Prologue
    The Sims(TM) 3
    Thief - Deadly Shadows
    Tom Clancy's Rainbow Six 3: Athena Sword
    Tom Clancy's Rainbow Six 3: Gold Edition
    Toolbar Cleaner 1.0
    TreeSize Free V2.6
    Trillian
    Ubisoft Game Launcher
    Unity Web Player
    Unreal Anthology
    Unreal Development Kit: 2009-11
    Unreal Tournament 3
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Warhammer® 40,000™: Dawn of War® II - Single Player Demo
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR 4.01 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/29/2013 9:48:01 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    6/29/2013 9:48:01 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    6/29/2013 9:46:02 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/29/2013 9:45:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    6/29/2013 9:44:14 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
    6/29/2013 9:44:14 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    6/29/2013 9:44:14 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    6/29/2013 3:02:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2813430).
    6/28/2013 3:34:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    6/28/2013 10:31:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000117 (0xfffffa80083c24e0, 0xfffff8800f222a88, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\062813-68188-01.dmp. Report Id: 062813-68188-01.
    6/27/2013 6:01:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ION-PC\ION SID (S-1-5-21-1291173224-2023153693-1731437870-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/27/2013 5:24:13 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2013 5:22:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2013 5:22:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/27/2013 5:22:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/27/2013 5:22:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/27/2013 5:22:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache NNSALPC NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPIHSW NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr Wanarpv6
    6/27/2013 5:22:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/27/2013 5:22:06 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    6/27/2013 5:16:56 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \\?\Volume{c77cee39-8f72-11e0-bac9-806e6f6e6963}.
    6/27/2013 10:28:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    6/26/2013 9:38:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    6/26/2013 9:38:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    6/26/2013 9:38:47 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/26/2013 12:12:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    6/26/2013 12:12:14 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/26/2013 12:08:28 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
    6/26/2013 12:08:24 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
    6/26/2013 12:05:31 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    6/25/2013 8:14:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2013 8:09:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/25/2013 8:09:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/25/2013 8:09:09 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bckd DfsC discache NetBIOS NetBT NNSALPC NNSHTTP NNSHTTPS NNSIDS NNSNAHSL NNSPICC NNSPIHSW NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC nsiproxy Psched PSINKNC rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/25/2013 8:08:42 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/25/2013 8:03:14 AM, Error: Service Control Manager [7031] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    6/25/2013 8:03:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    6/25/2013 7:35:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    6/25/2013 7:35:41 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/25/2013 7:01:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    6/25/2013 6:53:31 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    6/25/2013 6:52:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    6/25/2013 6:52:32 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/24/2013 11:02:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Desura Install Service service to connect.
    6/24/2013 11:02:27 PM, Error: Service Control Manager [7000] - The Desura Install Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/24/2013 10:26:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
    6/24/2013 10:26:45 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    Ark.txt


    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-06-29 11:35:03
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698.64GB
    Running: vj814210.exe; Driver: C:\Users\ION\AppData\Local\Temp\pwldrpow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072d41a22 2 bytes [D4, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072d41ad0 2 bytes [D4, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072d41b08 2 bytes [D4, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072d41bba 2 bytes [D4, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2656] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072d41bda 2 bytes [D4, 72]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3392] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3724] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075a14406 6 bytes JMP 719c0f5a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceNextW 0000000075a14cbc 6 bytes JMP 71a80f5a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceEnd 0000000075a15239 6 bytes JMP 71a50f5a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 0000000075a1575a 6 bytes JMP 71af0f5a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!recv 0000000075a16b0e 6 bytes JMP 719f0f5a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!send 0000000075a16f01 6 bytes JMP 71a20f5a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075a17089 6 bytes JMP 71990f5a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[5884] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000075a17489 6 bytes JMP 71960f5a
    ? C:\Windows\system32\mssprxy.dll [5884] entry point in ".rdata" section 00000000730871e6
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[6164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000660911a8 2 bytes [09, 66]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000660913a8 2 bytes [09, 66]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000066091422 2 bytes [09, 66]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6720] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000066091498 2 bytes [09, 66]
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6500] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[7160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\Users\ION\AppData\Roaming\Dropbox\bin\Dropbox.exe[6908] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a2f991 7 bytes {MOV EDX, 0x104b628; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a2fbd5 7 bytes {MOV EDX, 0x104b668; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a2fc05 7 bytes {MOV EDX, 0x104b5a8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a2fc1d 7 bytes {MOV EDX, 0x104b528; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a2fc35 7 bytes {MOV EDX, 0x104b728; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a2fc65 7 bytes {MOV EDX, 0x104b768; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a2fce5 7 bytes {MOV EDX, 0x104b6e8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a2fcfd 7 bytes {MOV EDX, 0x104b6a8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a2fd49 7 bytes {MOV EDX, 0x104b468; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a2fe41 7 bytes {MOV EDX, 0x104b4a8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a30099 7 bytes {MOV EDX, 0x104b428; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a310a5 7 bytes {MOV EDX, 0x104b5e8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a3111d 7 bytes {MOV EDX, 0x104b568; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a31321 7 bytes {MOV EDX, 0x104b4e8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077361429 7 bytes JMP 000000016fe2128f
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007737b223 5 bytes JMP 000000016fe2159b
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773f88f4 7 bytes JMP 000000016fe21339
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000773f8979 5 bytes JMP 000000016fe216b8
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000773f8ccf 5 bytes JMP 000000016fe2101e
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075991d1b 5 bytes JMP 000000016fe211d1
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075991dc9 5 bytes JMP 000000016fe21019
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075992aa4 5 bytes JMP 000000016fe2154b
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075992d0a 5 bytes JMP 000000016fe21276
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007562e9a2 5 bytes JMP 000000016fe215b4
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007562ebdc 5 bytes JMP 000000016fe2119a
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fa5ea5 5 bytes JMP 000000016fe215e6
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fd9d0b 5 bytes JMP 000000016fe2122b
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a01465 2 bytes [A0, 75]
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a014bb 2 bytes [A0, 75]
    .text ... * 2
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a2f991 7 bytes {MOV EDX, 0xa01e28; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a2fbd5 7 bytes {MOV EDX, 0xa01e68; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a2fc05 7 bytes {MOV EDX, 0xa01da8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a2fc1d 7 bytes {MOV EDX, 0xa01d28; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a2fc35 7 bytes {MOV EDX, 0xa01f28; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a2fc65 7 bytes {MOV EDX, 0xa01f68; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a2fce5 7 bytes {MOV EDX, 0xa01ee8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a2fcfd 7 bytes {MOV EDX, 0xa01ea8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a2fd49 7 bytes {MOV EDX, 0xa01c68; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a2fe41 7 bytes {MOV EDX, 0xa01ca8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a30099 7 bytes {MOV EDX, 0xa01c28; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a310a5 7 bytes {MOV EDX, 0xa01de8; JMP RDX}
    .text C:\Users\ION\AppData\Local\Google\Chrome\Application\chrome.exe[7124] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a3111d 7 bytes {MOV EDX, 0xa01d68; JMP RDX}

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:8156] 000007fefba42a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:2568] 000007fee977d618
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:6432] 000007fee977d618
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:6944] 000007fef3935124
    ---- Processes - GMER 2.1 ----

    Library C:\Users\ION\AppData\Local\Temp\nstC36F.tmp\System.dll (*** suspicious ***) @ C:\Users\ION\Desktop\dds.scr [7232] 0000000010000000
    Library C:\Users\ION\AppData\Local\Temp\nstC36F.tmp\Banner.dll (*** suspicious ***) @ C:\Users\ION\Desktop\dds.scr [7232] 00000000003c0000
    Library C:\Users\ION\AppData\Local\Temp\nstC36F.tmp\nsExec.dll (*** suspicious ***) @ C:\Users\ION\Desktop\dds.scr [7232] 0000000000840000

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CDC8395C-008A-466E-823B-1B0439C0CA04}\Connection@Name isatap.{375F99C5-5A81-4537-A445-02522EA5BFB1}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{323EB616-AAB7-4061-BEEA-36F08F9AEB07}?\Device\{CDC8395C-008A-466E-823B-1B0439C0CA04}?\Device\{9259DDA5-B659-41EE-ABF7-448985CE6865}?\Device\{F788BF1B-6EA0-433D-86A7-B69FE98845A4}?\Device\{19D8491D-B683-41E3-84D6-AFAE8576E832}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{323EB616-AAB7-4061-BEEA-36F08F9AEB07}"?"{CDC8395C-008A-466E-823B-1B0439C0CA04}"?"{9259DDA5-B659-41EE-ABF7-448985CE6865}"?"{F788BF1B-6EA0-433D-86A7-B69FE98845A4}"?"{19D8491D-B683-41E3-84D6-AFAE8576E832}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{323EB616-AAB7-4061-BEEA-36F08F9AEB07}?\Device\TCPIP6TUNNEL_{CDC8395C-008A-466E-823B-1B0439C0CA04}?\Device\TCPIP6TUNNEL_{9259DDA5-B659-41EE-ABF7-448985CE6865}?\Device\TCPIP6TUNNEL_{F788BF1B-6EA0-433D-86A7-B69FE98845A4}?\Device\TCPIP6TUNNEL_{19D8491D-B683-41E3-84D6-AFAE8576E832}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDC8395C-008A-466E-823B-1B0439C0CA04}@InterfaceName isatap.{375F99C5-5A81-4537-A445-02522EA5BFB1}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDC8395C-008A-466E-823B-1B0439C0CA04}@ReusableType 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 23633

    ---- EOF - GMER 2.1 ----


    Thanks for the assistance.

    Ian
     
  2. icbarefoot

    icbarefoot Thread Starter

    Joined:
    Nov 30, 2006
    Messages:
    30
    bumping this.
     
  3. icbarefoot

    icbarefoot Thread Starter

    Joined:
    Nov 30, 2006
    Messages:
    30
    bump
    I updated all my drivers and ran cleanup and my bar is back. The freezes seem to have stopped, but I still get the BSOD every few days, which has me worried. It flashes by too fast to record the error; I need to keep a pencil and pad by the desk because there's no time for a picture, but there may be time to write some numbers, if I'm lucky.
     

Short URL to this thread: https://techguy.org/1102399