
System slow / FBI Virus / Multiple toolbars

Discussion in 'Virus & Other Malware Removal' started by redspot321, Jan 19, 2013.

Thread Status:
Not open for further replies.
  1. redspot321

    redspot321 Thread Starter

    Joined:
    Jan 19, 2013
    Messages:
    3
    I have run AVG, and malware & spy removal programs. Deleted all programs that looked like toolbars and Chrome which I was having problems with.

    My PC seems to be back to normal but I want to double check. Please see the logs. Thanks

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:50:26 PM, on 1/19/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Walter Hoffmann\Desktop\HijackThis.exe.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [ScrewDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
    O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Walter Hoffmann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [googletalk] C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files (x86)\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: SapphireSetupChecker.cab - https://hfradpacs1.health-first.org/Sapphire/download/SapphireSetupChecker.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe
    --
    End of file - 17754 bytes
     
  2. redspot321

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Walter Hoffmann at 16:55:12 on 2013-01-19
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3984.2206 [GMT -5:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Xobni\XobniService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Google Update] "C:\Users\Walter Hoffmann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [googletalk] C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [ScrewDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    mRun: [BrowserPlugInHelper] C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
    mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NKBMON~1.LNK - C:\Program Files (x86)\Nikon\PictureProject\NkbMonitor.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: SapphireSetupChecker.cab - hxxps://hfradpacs1.health-first.org/Sapphire/download/SapphireSetupChecker.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
    TCP: NameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{CA41E043-8639-44F8-B864-DF9CE7DB7D3F} : DHCPNameServer = 65.32.5.111 65.32.5.112
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 30568]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-4-16 87600]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-4-25 165032]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-19 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-19 682344]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-25 2656280]
    R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
    R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-13 248248]
    R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
    R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-2-22 56040]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
    R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-19 24176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-12-9 102368]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 IFCoEMP;IFCoEMP;C:\Windows\System32\drivers\ifM52x64.sys [2011-4-25 339728]
    S3 IFCoEVB;IFCoEVB;C:\Windows\System32\drivers\ifP52x64.sys [2011-4-25 65808]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-4-25 158976]
    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2012-9-28 40320]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-12-9 203104]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-26 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    .
    =============== Created Last 30 ================
    .
    2013-01-19 19:41:17 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\Malwarebytes
    2013-01-19 19:41:09 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-19 19:41:08 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-19 19:41:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-19 17:27:22 110080 ----a-r- C:\Users\Walter Hoffmann\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
    2013-01-19 17:27:22 110080 ----a-r- C:\Users\Walter Hoffmann\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
    2013-01-19 17:27:22 -------- d-----w- C:\sh4ldr
    2013-01-19 17:27:22 -------- d-----w- C:\Program Files\Enigma Software Group
    2013-01-19 17:24:00 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\ElevatedDiagnostics
    2013-01-18 00:11:06 -------- d-----w- C:\Users\Walter Hoffmann\FB pics
    2013-01-18 00:10:49 -------- d-----w- C:\Users\Walter Hoffmann\New folder
    2013-01-14 01:54:24 11264 ----a-w- C:\Windows\Launcher.exe
    2013-01-14 01:54:24 -------- d-----w- C:\Program Files (x86)\Protected Search
    2013-01-14 01:53:24 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\DownTango
    2013-01-14 01:53:16 -------- d-----w- C:\Program Files (x86)\Red Sky
    2013-01-08 22:55:52 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-08 22:55:48 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-08 22:55:31 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-08 22:55:30 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-08 22:55:30 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-08 22:55:29 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-08 22:55:11 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-08 22:55:11 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-08 22:55:07 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-08 22:55:06 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-01-06 19:10:03 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Western_Digital
    2013-01-06 19:09:18 -------- d-----w- C:\Program Files\Western Digital
    2013-01-06 19:08:53 -------- d-----w- C:\Program Files (x86)\Western Digital
    2013-01-06 19:08:53 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
    2013-01-06 19:08:26 -------- d-----w- C:\ProgramData\Western Digital
    2013-01-01 19:04:39 -------- d-----w- C:\My Videos
    2013-01-01 19:04:08 50704 ----a-w- C:\Windows\SysWow64\drivers\npf.sys
    2013-01-01 19:04:08 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\aHisoft
    2013-01-01 19:04:03 -------- d-----w- C:\Program Files (x86)\aHisoft
    2013-01-01 03:46:44 -------- d-----w- C:\ProgramData\Browser Manager
    2013-01-01 02:33:36 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\AnvSoft
    2013-01-01 01:59:47 -------- d-----w- C:\Users\Walter Hoffmann\.dvdcss
    2013-01-01 01:59:17 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\tiger-k
    2013-01-01 01:59:16 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\Leawo
    2013-01-01 01:59:16 -------- d-----w- C:\ProgramData\Leawo
    2013-01-01 01:43:10 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
    2013-01-01 01:43:10 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
    2013-01-01 01:43:10 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
    2013-01-01 01:43:10 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
    2013-01-01 01:43:10 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\TFP
    2013-01-01 01:42:59 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Torch
    2013-01-01 01:42:47 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\FreeVideoConverter
    2013-01-01 01:42:32 -------- d-----w- C:\ProgramData\boost_interprocess
    2013-01-01 01:42:19 -------- d-----w- C:\Program Files (x86)\Free Video Converter
    2013-01-01 01:32:19 -------- d-----w- C:\ProgramData\xml_param
    2013-01-01 01:25:32 20992 ----a-w- C:\Windows\System32\OpenCL.dll
    2013-01-01 01:25:32 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
    2013-01-01 01:25:28 17920 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2013-01-01 01:25:28 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
    2013-01-01 01:23:55 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2013-01-01 01:20:06 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2013-01-01 01:16:39 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\Aimersoft Video Converter Ultimate
    2013-01-01 01:16:25 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Aimersoft
    2013-01-01 01:16:24 -------- d-----w- C:\Program Files\Common Files\Aimersoft
    2013-01-01 01:16:13 -------- d-----w- C:\ProgramData\Aimersoft Video Converter Ultimate
    2013-01-01 01:16:11 -------- d-----w- C:\Program Files (x86)\Aimersoft
    2012-12-31 20:41:38 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\CDROLLER
    2012-12-31 20:41:27 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Programs
    2012-12-31 18:49:14 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Roaming\CUDA
    2012-12-31 18:49:01 -------- d-----w- C:\Program Files (x86)\Free CUDA Video Converter 6
    2012-12-31 18:47:29 -------- d-----w- C:\Program Files (x86)\OApps
    2012-12-31 18:27:39 -------- d-----w- C:\Users\Walter Hoffmann\AppData\Local\Wondershare
    2012-12-31 18:27:38 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
    2012-12-30 14:55:14 -------- d-sh--w- C:\BOOT
    2012-12-30 02:57:17 -------- d-----w- C:\ProgramData\PDFC
    2012-12-25 22:41:40 -------- d-----w- C:\Program Files (x86)\LeapFrog
    2012-12-25 22:41:39 -------- d-----w- C:\ProgramData\Leapfrog
    2012-12-21 08:00:27 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 08:00:27 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 08:00:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 08:00:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 13:14:10 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 13:14:10 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-20 03:54:00 189000 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys
    2012-12-20 03:53:58 48200 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys
    2012-12-20 03:53:54 18504 ----a-w- C:\Windows\System32\drivers\eudskacs.sys
    2012-12-20 03:53:52 58952 ----a-w- C:\Windows\System32\drivers\eubakup.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-08 15:43:11 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-29 17:10:02 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-22 22:39:58 12887552 ----a-w- C:\Windows\System32\ig4icd64.dll
    2012-10-22 22:39:56 10674176 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
    2012-10-22 22:39:54 5903392 ----a-w- C:\Windows\System32\GfxUI.exe
    2012-10-22 22:39:54 399392 ----a-w- C:\Windows\System32\hkcmd.exe
    2012-10-22 22:39:54 173568 ----a-w- C:\Windows\System32\gfxSrvc.dll
    2012-10-22 22:39:54 110592 ----a-w- C:\Windows\System32\hccutils.dll
    2012-10-22 22:39:50 185376 ----a-w- C:\Windows\System32\difx64.exe
    .
    ============= FINISH: 16:55:47.28 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/24/2011 5:24:21 PM
    System Uptime: 1/19/2013 4:43:15 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1497
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | SOCKET 0 | 3300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 457 GiB total, 327.733 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 0.997 GiB free.
    E: is CDROM ()
    F: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP159: 1/8/2013 5:59:51 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP160: 1/9/2013 3:00:17 AM - Windows Update
    RP161: 1/17/2013 4:28:03 AM - Scheduled Checkpoint
    RP162: 1/19/2013 4:34:08 PM - Removed CnW
    RP163: 1/19/2013 4:35:55 PM - Removed iSilo
    RP164: 1/19/2013 4:37:49 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    .
    ==== Installed Programs ======================
    .
    4500_G510gm_Help
    4500G510gm
    4500G510gm_Software_Min
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2012
    AVG Security Toolbar
    Bonjour
    BufferChm
    Business Plan Pro 11.0
    Cisco Connect
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Corel WinDVD
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DirectX for Managed Code Update (Summer 2004)
    DocMgr
    DocProc
    Fax
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.2.1.1
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    HP Auto
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Document Manager 2.0
    HP Imaging Device Functions 13.0
    HP Odometer
    HP Officejet 4500 G510g-m
    HP Setup
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    iCloud
    InstallIQ Updater
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Network Connections 15.7.176.0
    Intel(R) Processor Graphics
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    LeapFrog Connect
    LeapFrog LeapPad Explorer Plugin
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC90_CRT_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network64
    Nikon Message Center
    OCR Software by I.R.I.S. 13.0
    Picasa 3
    PictureProject
    PictureProject In Touch Downloader 1.0
    QuickTime
    Realtek High Definition Audio Driver
    Recovery Manager
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Scan
    ScrewDrivers Client v4 with Citrix Web Client 12.0.3 (silent)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 5.10
    SmartWebPrinting
    SolutionCenter
    Status
    SUPERAntiSpyware
    System Requirements Lab for Intel
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
    Video Download Studio 3.4.14
    Visual Studio 2008 x64 Redistributables
    WD Drive Utilities
    WD Security
    WD SmartWare
    WebReg
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Live ID Sign-in Assistant
    WinZip 16.5
    Xobni
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/19/2013 4:44:49 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    1/19/2013 4:44:49 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    1/19/2013 4:43:48 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/19/2013 4:43:47 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/19/2013 4:43:47 PM, Error: Service Control Manager [7000] - The npf service failed to start due to the following error: This driver has been blocked from loading
    1/19/2013 4:43:47 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\npf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    1/19/2013 4:43:45 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/19/2013 4:43:43 PM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: The system cannot find the file specified.
    1/19/2013 12:38:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XobniService service to connect.
    1/19/2013 12:38:31 PM, Error: Service Control Manager [7000] - The XobniService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/19/2013 12:33:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/19/2013 12:30:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}
    1/19/2013 12:30:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}
    1/19/2013 12:18:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2013 12:18:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/19/2013 12:18:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/19/2013 12:18:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/19/2013 12:18:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/19/2013 12:18:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 BHDrvx64 ctxusbm discache eeCtrl EUDSKACS EUFDDISK IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS vpcvmm Wanarpv6
    1/19/2013 12:18:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2013 12:13:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2013 12:08:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/19/2013 12:08:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/19/2013 12:08:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia BHDrvx64 CSC ctxusbm DfsC discache eeCtrl EUDSKACS EUFDDISK IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2013 12:08:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2013 11:42:34 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
    1/17/2013 3:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WalterHoffmann\Walter Hoffmann SID (S-1-5-21-1170432454-2848427990-1172919331-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/13/2013 8:54:21 PM, Error: Service Control Manager [7034] - The vToolbarUpdater13.2.0 service terminated unexpectedly. It has done this 1 time(s).
    1/12/2013 9:45:04 PM, Error: Schannel [36887] - The following fatal alert was received: 47.
    .
    ==== End Of File ===========================
     
  3. redspot321

    redspot321 Thread Starter

    Joined:
    Jan 19, 2013
    Messages:
    3
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-19 17:20:13
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.HP61 465.76GB
    Running: blp8bv1m.exe; Driver: C:\Users\WALTER~1\AppData\Local\Temp\kwtdipob.sys

    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
    .text ... * 9
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[5312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773025fd 6 bytes JMP 00000001682f8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077312a63 6 bytes JMP 0000000168299805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000074bc34b5 5 bytes JMP 00000001682975db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000762e8a29 5 bytes JMP 00000001683003cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000762ed22e 5 bytes JMP 00000001682a363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000762f291f 5 bytes JMP 000000016827ddab
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000762f2da4 5 bytes JMP 00000001682d9eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000762f6285 5 bytes JMP 00000001682f7fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000762f7603 5 bytes JMP 00000001682d25ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000762fb029 5 bytes JMP 0000000168429358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000762fc63e 5 bytes JMP 0000000168429390
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000763050ed 5 bytes JMP 0000000168429a52
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076305246 5 bytes JMP 00000001684292e8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!EndDialog 000000007630b99c 5 bytes JMP 0000000168429d26
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007630c701 5 bytes JMP 0000000168429a7a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007630cbf3 5 bytes JMP 0000000168428fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007630cfca 5 bytes JMP 0000000168231893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007630eb96 5 bytes JMP 000000016827ded5
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007630f52b 3 bytes JMP 000000016831ed00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx + 4 000000007630f52f 1 byte [F2]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!SendInput 000000007630ff4a 5 bytes JMP 000000016842a2e9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000763110dc 5 bytes JMP 0000000168429320
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000763114b2 5 bytes JMP 000000016842a341
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076329cfd 5 bytes JMP 000000016842a3c2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007632cb0c 5 bytes JMP 0000000168428f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007632ce64 5 bytes JMP 000000016842901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007633fbd1 5 bytes JMP 0000000168428ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007633fc9d 5 bytes JMP 0000000168428e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007633fcd6 5 bytes JMP 0000000168428dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007633fcfa 5 bytes JMP 0000000168428d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\USER32.dll!keybd_event 00000000763402bf 5 bytes JMP 000000016842a2a6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076486143 5 bytes JMP 0000000168429784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075f03e59 5 bytes JMP 000000016842987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075f03eae 5 bytes JMP 00000001684298fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075f04731 5 bytes JMP 00000001684297ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075f05dee 5 bytes JMP 000000016842989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075f693ec 5 bytes JMP 00000001684291d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000719b388e 5 bytes JMP 0000000168429080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071a57922 5 bytes JMP 0000000168429128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000074a133a3 5 bytes JMP 000000016842946c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074a22694 5 bytes JMP 00000001684293c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7036] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000074a2e8ff 5 bytes JMP 0000000168429538
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773025fd 6 bytes JMP 00000001682f8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077312a63 6 bytes JMP 0000000168299805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000074bc34b5 5 bytes JMP 00000001682975db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000762e8a29 5 bytes JMP 00000001683003cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000762ed22e 5 bytes JMP 00000001682a363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000762f291f 5 bytes JMP 000000016827ddab
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000762f2da4 5 bytes JMP 00000001682d9eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000762f6285 5 bytes JMP 00000001682f7fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000762f7603 5 bytes JMP 00000001682d25ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000762fb029 5 bytes JMP 0000000168429358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000762fc63e 5 bytes JMP 0000000168429390
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000763050ed 5 bytes JMP 0000000168429a52
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076305246 5 bytes JMP 00000001684292e8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!EndDialog 000000007630b99c 5 bytes JMP 0000000168429d26
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007630c701 5 bytes JMP 0000000168429a7a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007630cbf3 5 bytes JMP 0000000168428fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007630cfca 5 bytes JMP 0000000168231893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007630eb96 5 bytes JMP 000000016827ded5
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007630f52b 3 bytes JMP 000000016831ed00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx + 4 000000007630f52f 1 byte [F2]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!SendInput 000000007630ff4a 5 bytes JMP 000000016842a2e9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000763110dc 5 bytes JMP 0000000168429320
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000763114b2 5 bytes JMP 000000016842a341
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076329cfd 5 bytes JMP 000000016842a3c2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007632cb0c 5 bytes JMP 0000000168428f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007632ce64 5 bytes JMP 000000016842901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007633fbd1 5 bytes JMP 0000000168428ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007633fc9d 5 bytes JMP 0000000168428e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007633fcd6 5 bytes JMP 0000000168428dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007633fcfa 5 bytes JMP 0000000168428d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\USER32.dll!keybd_event 00000000763402bf 5 bytes JMP 000000016842a2a6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076486143 5 bytes JMP 0000000168429784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075f03e59 5 bytes JMP 000000016842987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075f03eae 5 bytes JMP 00000001684298fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075f04731 5 bytes JMP 00000001684297ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075f05dee 5 bytes JMP 000000016842989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075f693ec 5 bytes JMP 00000001684291d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076471401 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076471419 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076471431 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007647144a 2 bytes [47, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764714dd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764714f5 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007647150d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076471525 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007647153d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076471555 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007647156d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076471585 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007647159d 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764715b5 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764715cd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764716b2 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764716bd 2 bytes [47, 76]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000719b388e 5 bytes JMP 0000000168429080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071a57922 5 bytes JMP 0000000168429128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000074a133a3 5 bytes JMP 000000016842946c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074a22694 5 bytes JMP 00000001684293c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7156] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000074a2e8ff 5 bytes JMP 0000000168429538
    ---- Threads - GMER 2.0 ----
    Thread [496:504] 000007feff1d6e50
    Thread [496:512] 000007fefe93fb50
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4552:1056] 000007fefb0d2a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4552:4448] 000007fef0e0d618
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4552:5388] 000007fef8925124
    ---- Processes - GMER 2.0 ----
    Library ? (*** suspicious ***) @ [496] 000000013fda0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2572] 0000000070c70000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe [2760] 000007fefe4c0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2940] 000000006fdd0000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4552] 000007fefc450000
    Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [5184] 000007fefb600000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [5988] 000007feec1e0000
    Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [4468] 000007fefb600000
    ---- EOF - GMER 2.0 ----
     
Short URL to this thread: https://techguy.org/1086005
