System slow / FBI Virus / Multiple toolbars

redspot321

Thread Starter
Joined
Jan 19, 2013
Messages
3
I have run AVG, and Malware & spy removal programs. Deleted all programs that looked like toolbars and Chrome which I was having problems with.

My PC seems to be back to normal but I want to double check. Please see the logs. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:50:26 PM, on 1/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Walter Hoffmann\Desktop\HijackThis.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [ScrewDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Walter Hoffmann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files (x86)\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: SapphireSetupChecker.cab - https://hfradpacs1.health-first.org/Sapphire/download/SapphireSetupChecker.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe
--
End of file - 17754 bytes
 

redspot321

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Walter Hoffmann at 16:55:12 on 2013-01-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3984.2206 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Google Update] "C:\Users\Walter Hoffmann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [ScrewDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [BrowserPlugInHelper] C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NKBMON~1.LNK - C:\Program Files (x86)\Nikon\PictureProject\NkbMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: SapphireSetupChecker.cab - hxxps://hfradpacs1.health-first.org/Sapphire/download/SapphireSetupChecker.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CA41E043-8639-44F8-B864-DF9CE7DB7D3F} : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 30568]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-4-16 87600]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-4-25 165032]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-19 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-19 682344]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-25 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-13 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-2-22 56040]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-19 24176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-12-9 102368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IFCoEMP;IFCoEMP;C:\Windows\System32\drivers\ifM52x64.sys [2011-4-25 339728]
S3 IFCoEVB;IFCoEVB;C:\Windows\System32\drivers\ifP52x64.sys [2011-4-25 65808]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-4-25 158976]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2012-9-28 40320]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-12-9 203104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
.
=============== Created Last 30 ================
.
2013-01-19 19:41:17 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\Malwarebytes
2013-01-19 19:41:09 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-19 19:41:08 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-19 19:41:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-19 17:27:22 110080 ----a-r- C:\Users\Walter Hoffmann\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2013-01-19 17:27:22 110080 ----a-r- C:\Users\Walter Hoffmann\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2013-01-19 17:27:22 -------- d-----w- C:\sh4ldr
2013-01-19 17:27:22 -------- d-----w- C:\Program Files\Enigma Software Group
2013-01-19 17:24:00 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\ElevatedDiagnostics
2013-01-18 00:11:06 -------- d-----w- C:\Users\Walter Hoffmann\FB pics
2013-01-18 00:10:49 -------- d-----w- C:\Users\Walter Hoffmann\New folder
2013-01-14 01:54:24 11264 ----a-w- C:\Windows\Launcher.exe
2013-01-14 01:54:24 -------- d-----w- C:\Program Files (x86)\Protected Search
2013-01-14 01:53:24 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\DownTango
2013-01-14 01:53:16 -------- d-----w- C:\Program Files (x86)\Red Sky
2013-01-08 22:55:52 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-08 22:55:48 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-08 22:55:31 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-08 22:55:30 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-08 22:55:30 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-08 22:55:29 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-08 22:55:11 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-08 22:55:11 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-08 22:55:07 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-08 22:55:06 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-06 19:10:03 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Western_Digital
2013-01-06 19:09:18 -------- d-----w- C:\Program Files\Western Digital
2013-01-06 19:08:53 -------- d-----w- C:\Program Files (x86)\Western Digital
2013-01-06 19:08:53 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2013-01-06 19:08:26 -------- d-----w- C:\ProgramData\Western Digital
2013-01-01 19:04:39 -------- d-----w- C:\My Videos
2013-01-01 19:04:08 50704 ----a-w- C:\Windows\SysWow64\drivers\npf.sys
2013-01-01 19:04:08 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\aHisoft
2013-01-01 19:04:03 -------- d-----w- C:\Program Files (x86)\aHisoft
2013-01-01 03:46:44 -------- d-----w- C:\ProgramData\Browser Manager
2013-01-01 02:33:36 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\AnvSoft
2013-01-01 01:59:47 -------- d-----w- C:\Users\Walter Hoffmann\.dvdcss
2013-01-01 01:59:17 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\tiger-k
2013-01-01 01:59:16 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\Leawo
2013-01-01 01:59:16 -------- d-----w- C:\ProgramData\Leawo
2013-01-01 01:43:10 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
2013-01-01 01:43:10 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
2013-01-01 01:43:10 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
2013-01-01 01:43:10 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
2013-01-01 01:43:10 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\TFP
2013-01-01 01:42:59 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Torch
2013-01-01 01:42:47 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\FreeVideoConverter
2013-01-01 01:42:32 -------- d-----w- C:\ProgramData\boost_interprocess
2013-01-01 01:42:19 -------- d-----w- C:\Program Files (x86)\Free Video Converter
2013-01-01 01:32:19 -------- d-----w- C:\ProgramData\xml_param
2013-01-01 01:25:32 20992 ----a-w- C:\Windows\System32\OpenCL.dll
2013-01-01 01:25:32 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2013-01-01 01:25:28 17920 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-01-01 01:25:28 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2013-01-01 01:23:55 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-01-01 01:20:06 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-01-01 01:16:39 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\Aimersoft Video Converter Ultimate
2013-01-01 01:16:25 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Aimersoft
2013-01-01 01:16:24 -------- d-----w- C:\Program Files\Common Files\Aimersoft
2013-01-01 01:16:13 -------- d-----w- C:\ProgramData\Aimersoft Video Converter Ultimate
2013-01-01 01:16:11 -------- d-----w- C:\Program Files (x86)\Aimersoft
2012-12-31 20:41:38 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\CDROLLER
2012-12-31 20:41:27 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Programs
2012-12-31 18:49:14 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\CUDA
2012-12-31 18:49:01 -------- d-----w- C:\Program Files (x86)\Free CUDA Video Converter 6
2012-12-31 18:47:29 -------- d-----w- C:\Program Files (x86)\OApps
2012-12-31 18:27:39 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Wondershare
2012-12-31 18:27:38 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-12-30 14:55:14 -------- d-sh--w- C:\BOOT
2012-12-30 02:57:17 -------- d-----w- C:\ProgramData\PDFC
2012-12-25 22:41:40 -------- d-----w- C:\Program Files (x86)\LeapFrog
2012-12-25 22:41:39 -------- d-----w- C:\ProgramData\Leapfrog
2012-12-21 08:00:27 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 08:00:27 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 08:00:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 08:00:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-09 13:14:10 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 13:14:10 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-20 03:54:00 189000 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys
2012-12-20 03:53:58 48200 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys
2012-12-20 03:53:54 18504 ----a-w- C:\Windows\System32\drivers\eudskacs.sys
2012-12-20 03:53:52 58952 ----a-w- C:\Windows\System32\drivers\eubakup.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 15:43:11 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-29 17:10:02 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-22 22:39:58 12887552 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-10-22 22:39:56 10674176 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-10-22 22:39:54 5903392 ----a-w- C:\Windows\System32\GfxUI.exe
2012-10-22 22:39:54 399392 ----a-w- C:\Windows\System32\hkcmd.exe
2012-10-22 22:39:54 173568 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-10-22 22:39:54 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-10-22 22:39:50 185376 ----a-w- C:\Windows\System32\difx64.exe
.
============= FINISH: 16:55:47.28 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/24/2011 5:24:21 PM
System Uptime: 1/19/2013 4:43:15 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1497
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | SOCKET 0 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 327.733 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0.997 GiB free.
E: is CDROM ()
F: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP159: 1/8/2013 5:59:51 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP160: 1/9/2013 3:00:17 AM - Windows Update
RP161: 1/17/2013 4:28:03 AM - Scheduled Checkpoint
RP162: 1/19/2013 4:34:08 PM - Removed CnW
RP163: 1/19/2013 4:35:55 PM - Removed iSilo
RP164: 1/19/2013 4:37:49 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
.
==== Installed Programs ======================
.
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG Security Toolbar
Bonjour
BufferChm
Business Plan Pro 11.0
Cisco Connect
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Corel WinDVD
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocMgr
DocProc
Fax
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Auto
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Odometer
HP Officejet 4500 G510g-m
HP Setup
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iCloud
InstallIQ Updater
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 15.7.176.0
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC90_CRT_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Nikon Message Center
OCR Software by I.R.I.S. 13.0
Picasa 3
PictureProject
PictureProject In Touch Downloader 1.0
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
ScrewDrivers Client v4 with Citrix Web Client 12.0.3 (silent)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shop for HP Supplies
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Status
SUPERAntiSpyware
System Requirements Lab for Intel
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Video Download Studio 3.4.14
Visual Studio 2008 x64 Redistributables
WD Drive Utilities
WD Security
WD SmartWare
WebReg
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live ID Sign-in Assistant
WinZip 16.5
Xobni
.
==== Event Viewer Messages From Past Week ========
.
1/19/2013 4:44:49 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
1/19/2013 4:44:49 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
1/19/2013 4:43:48 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/19/2013 4:43:47 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/19/2013 4:43:47 PM, Error: Service Control Manager [7000] - The npf service failed to start due to the following error: This driver has been blocked from loading
1/19/2013 4:43:47 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\npf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/19/2013 4:43:45 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/19/2013 4:43:43 PM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: The system cannot find the file specified.
1/19/2013 12:38:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XobniService service to connect.
1/19/2013 12:38:31 PM, Error: Service Control Manager [7000] - The XobniService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/19/2013 12:33:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/19/2013 12:30:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}
1/19/2013 12:30:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}
1/19/2013 12:18:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2013 12:18:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/19/2013 12:18:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/19/2013 12:18:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/19/2013 12:18:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/19/2013 12:18:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 BHDrvx64 ctxusbm discache eeCtrl EUDSKACS EUFDDISK IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS vpcvmm Wanarpv6
1/19/2013 12:18:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2013 12:13:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2013 12:08:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/19/2013 12:08:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/19/2013 12:08:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia BHDrvx64 CSC ctxusbm DfsC discache eeCtrl EUDSKACS EUFDDISK IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2013 11:42:34 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
1/17/2013 3:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WalterHoffmann\Walter Hoffmann SID (S-1-5-21-1170432454-2848427990-1172919331-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/13/2013 8:54:21 PM, Error: Service Control Manager [7034] - The vToolbarUpdater13.2.0 service terminated unexpectedly. It has done this 1 time(s).
1/12/2013 9:45:04 PM, Error: Schannel [36887] - The following fatal alert was received: 47.
.
==== End Of File ===========================
 

redspot321

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-19 17:20:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.HP61 465.76GB
Running: blp8bv1m.exe; Driver: C:\Users\WALTER~1\AppData\Local\Temp\kwtdipob.sys

---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3804] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 00000000772e000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3804] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007736f85a 5 bytes JMP 000000017731d571
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe[4752] C:\Windows\system32\MSVCR100.dll!_CIatan2 + 274 00000000715548cc 3 bytes [22, 0C, 5F]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000762f2da4 5 bytes JMP 00000001682d9eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007630cbf3 5 bytes JMP 0000000168428fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007630cfca 5 bytes JMP 0000000168231893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007632cb0c 5 bytes JMP 0000000168428f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007632ce64 5 bytes JMP 000000016842901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007633fbd1 5 bytes JMP 0000000168428ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007633fc9d 5 bytes JMP 0000000168428e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007633fcd6 5 bytes JMP 0000000168428dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007633fcfa 5 bytes JMP 0000000168428d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075f693ec 5 bytes JMP 00000001684291d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000719b388e 5 bytes JMP 0000000168429080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071a57922 5 bytes JMP 0000000168429128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4636] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074a22694 5 bytes JMP 00000001684293c8
? C:\Windows\system32\mssprxy.dll [4636] entry point in ".rdata" section 00000000747b71e6
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773025fd 6 bytes JMP 00000001682f8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077312a63 6 bytes JMP 0000000168299805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000074bc34b5 5 bytes JMP 00000001682975db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000762e8a29 5 bytes JMP 00000001683003cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000762ed22e 5 bytes JMP 00000001682a363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000762f291f 5 bytes JMP 000000016827ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000762f2da4 5 bytes JMP 00000001682d9eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000762f6285 5 bytes JMP 00000001682f7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000762f7603 5 bytes JMP 00000001682d25ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000762fb029 5 bytes JMP 0000000168429358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000762fc63e 5 bytes JMP 0000000168429390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000763050ed 5 bytes JMP 0000000168429a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076305246 5 bytes JMP 00000001684292e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!EndDialog 000000007630b99c 5 bytes JMP 0000000168429d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007630c701 5 bytes JMP 0000000168429a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007630cbf3 5 bytes JMP 0000000168428fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007630cfca 5 bytes JMP 0000000168231893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007630eb96 5 bytes JMP 000000016827ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007630f52b 3 bytes JMP 000000016831ed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx + 4 000000007630f52f 1 byte [F2]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!SendInput 000000007630ff4a 5 bytes JMP 000000016842a2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000763110dc 5 bytes JMP 0000000168429320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000763114b2 5 bytes JMP 000000016842a341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076329cfd 5 bytes JMP 000000016842a3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007632cb0c 5 bytes JMP 0000000168428f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007632ce64 5 bytes JMP 000000016842901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007633fbd1 5 bytes JMP 0000000168428ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007633fc9d 5 bytes JMP 0000000168428e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007633fcd6 5 bytes JMP 0000000168428dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007633fcfa 5 bytes JMP 0000000168428d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!keybd_event 00000000763402bf 5 bytes JMP 000000016842a2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076486143 5 bytes JMP 0000000168429784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075f03e59 5 bytes JMP 000000016842987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075f03eae 5 bytes JMP 00000001684298fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075f04731 5 bytes JMP 00000001684297ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075f05dee 5 bytes JMP 000000016842989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075f693ec 5 bytes JMP 00000001684291d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000719b388e 5 bytes JMP 0000000168429080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071a57922 5 bytes JMP 0000000168429128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000074a133a3 5 bytes JMP 000000016842946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074a22694 5 bytes JMP 00000001684293c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000074a2e8ff 5 bytes JMP 0000000168429538
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773025fd 6 bytes JMP 00000001682f8042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077312a63 6 bytes JMP 0000000168299805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000074bc34b5 5 bytes JMP 00000001682975db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000762e8a29 5 bytes JMP 00000001683003cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000762ed22e 5 bytes JMP 00000001682a363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000762f291f 5 bytes JMP 000000016827ddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000762f2da4 5 bytes JMP 00000001682d9eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000762f6285 5 bytes JMP 00000001682f7fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000762f7603 5 bytes JMP 00000001682d25ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000762fb029 5 bytes JMP 0000000168429358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000762fc63e 5 bytes JMP 0000000168429390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000763050ed 5 bytes JMP 0000000168429a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076305246 5 bytes JMP 00000001684292e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!EndDialog 000000007630b99c 5 bytes JMP 0000000168429d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007630c701 5 bytes JMP 0000000168429a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007630cbf3 5 bytes JMP 0000000168428fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007630cfca 5 bytes JMP 0000000168231893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007630eb96 5 bytes JMP 000000016827ded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007630f52b 3 bytes JMP 000000016831ed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx + 4 000000007630f52f 1 byte [F2]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!SendInput 000000007630ff4a 5 bytes JMP 000000016842a2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000763110dc 5 bytes JMP 0000000168429320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000763114b2 5 bytes JMP 000000016842a341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076329cfd 5 bytes JMP 000000016842a3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007632cb0c 5 bytes JMP 0000000168428f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007632ce64 5 bytes JMP 000000016842901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007633fbd1 5 bytes JMP 0000000168428ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007633fc9d 5 bytes JMP 0000000168428e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007633fcd6 5 bytes JMP 0000000168428dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007633fcfa 5 bytes JMP 0000000168428d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!keybd_event 00000000763402bf 5 bytes JMP 000000016842a2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076486143 5 bytes JMP 0000000168429784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075f03e59 5 bytes JMP 000000016842987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075f03eae 5 bytes JMP 00000001684298fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075f04731 5 bytes JMP 00000001684297ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075f05dee 5 bytes JMP 000000016842989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075f693ec 5 bytes JMP 00000001684291d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000719b388e 5 bytes JMP 0000000168429080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071a57922 5 bytes JMP 0000000168429128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000074a133a3 5 bytes JMP 000000016842946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074a22694 5 bytes JMP 00000001684293c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000074a2e8ff 5 bytes JMP 0000000168429538
---- Threads - GMER 2.0 ----
Thread [496:504] 000007feff1d6e50
Thread [496:512] 000007fefe93fb50
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4552:1056] 000007fefb0d2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4552:4448] 000007fef0e0d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4552:5388] 000007fef8925124
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ [496] 000000013fda0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2572] 0000000070c70000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe [2760] 000007fefe4c0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2940] 000000006fdd0000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4552] 000007fefc450000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [5184] 000007fefb600000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [5988] 000007feec1e0000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [4468] 000007fefb600000
---- EOF - GMER 2.0 ----
 