Channel: Tech Support Guy

Windows 7 Google Chrome keeps redirecting to a different site

Windows 7 Google Chrome keeps redirecting to a different site, and sometimes there are strange window pop-ups that are somewhat related to this problem.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:03:00 PM, on 7/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
C:\Windows\V0350Mon.exe
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Toolbar BHO - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12bar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SocialSearchBar_App - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
O2 - BHO: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
O2 - BHO: Secret Feedback - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SecretFeedback\IE\common.dll
O2 - BHO: Search Assistant BHO - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll
O2 - BHO: Search Assistant BHO - {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
O2 - BHO: Updater By SweetPacks Helper - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbar.dll
O2 - BHO: Toolbar BHO - {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbar.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SocialSearchBar_App Toolbar - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
O3 - Toolbar: MyFunCards - {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\windows\V0350Mon.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe
O4 - HKLM\..\Run: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [InboxAce Search Scope Monitor] "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbrmon.exe
O4 - HKCU\..\Run: [Best Buy pc app] C:\Users\Editha Teves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
O4 - HKCU\..\Run: [Google Update] "C:\Users\Editha Teves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program Files (x86)\24x7Help\App24x7Svc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BrowserDefendert - Unknown owner - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\windows\system32\dmwu.exe (file missing)
O23 - Service: InboxAceService (InboxAce_1gService) - COMPANYVERS_NAME - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: MyFunCardsService (MyFunCards_5mService) - COMPANYVERS_NAME - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe
O23 - Service: My Scrap NookService (MyScrapNook_12Service) - COMPANYVERS_NAME - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19081 bytes


----------------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Editha Teves at 19:06:45 on 2013-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3335 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\24x7Help\App24x7Svc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\dmwu.exe
C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
C:\windows\SysWOW64\schtasks.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe
C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\TPHDEXLG64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
C:\Windows\V0350Mon.exe
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\24x7Help\App24x7Help.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\24x7Help\App24x7Hook.exe
C:\Program Files (x86)\24x7Help\App24x7Hook64.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\msiexec.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\svchost.exe -k WbioSvcGroup
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mURLSearchHooks: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
mWinlogon: Userinit = userinit.exe
BHO: Toolbar BHO: {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
BHO: Secret Feedback: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SecretFeedback\IE\common.dll
BHO: Search Assistant BHO: {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll
BHO: Search Assistant BHO: {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
BHO: Toolbar BHO: {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
BHO: Toolbar BHO: {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: InboxAce: {3775AFD7-5921-4571-968F-85A631203D1C} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
TB: MyFunCards: {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
TB: My Scrap Nook: {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: InboxAce: {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll
uRun: [Best Buy pc app] C:\Users\Editha Teves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [Google Update] "C:\Users\Editha Teves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
mRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [V0350Mon.exe] C:\windows\V0350Mon.exe
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h
mRun: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe
mRun: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
mRun: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [InboxAce Search Scope Monitor] "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
mRun: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbrmon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF}\05F43545F56596379647F627 : DHCPNameServer = 10.2.145.9
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [TpShocks] C:\windows\System32\TpShocks.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [InboxAce Home Page Guard 64 bit] "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-10 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-10 39008]
R0 TPDIGIMN;TPDIGIMN;C:\windows\System32\drivers\ApsHM64.sys [2011-10-10 23648]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-5-3 45856]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-10 13408]
R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-10-10 55880]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-10-10 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-10-10 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-10-10 62584]
R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-3-24 342168]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-7-24 2827728]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
R2 IBUpdaterService;IBUpdaterService;C:\windows\System32\dmwu.exe [2013-6-19 1453872]
R2 InboxAce_1gService;InboxAceService;C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe [2013-6-27 42504]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2012-1-10 72216]
R2 MyFunCards_5mService;MyFunCardsService;C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe [2013-3-5 42504]
R2 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [2013-3-5 42504]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-3-29 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2013-3-5 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-10 2656280]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-14 317440]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-10 307304]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\drivers\rtsuvc.sys [2011-10-10 8200552]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VF0350Afx;VF0350 Audio FX;C:\windows\System32\drivers\V0350Afx.sys [2012-6-30 214240]
S3 VF0350Vfx;VF0350 Video FX;C:\windows\System32\drivers\V0350Vfx.sys [2012-6-30 12288]
S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\windows\System32\drivers\V0350Vid.sys [2012-6-30 214976]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-12 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-28 01:01:31 388096 ----a-r- C:\Users\Editha Teves\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-28 01:01:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-07-24 12:34:32 -------- d-----w- C:\Program Files (x86)\LessTabs
2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\searchplugins
2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\Extensions
2013-07-24 12:34:25 -------- d-----w- C:\ProgramData\BrowserDefender
2013-07-24 12:34:23 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\BabSolution
2013-07-24 12:34:22 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\Delta
2013-07-24 12:34:22 -------- d-----w- C:\Program Files (x86)\Delta
2013-07-24 12:34:15 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\Babylon
2013-07-24 12:34:15 -------- d-----w- C:\ProgramData\Babylon
2013-07-11 13:39:10 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 13:39:10 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 13:39:10 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 13:39:10 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 13:39:10 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 13:39:10 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 13:39:10 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 13:39:08 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-11 13:39:08 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-11 13:39:07 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-11 13:39:06 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 13:39:00 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-11 13:38:59 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 13:38:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 13:38:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 13:38:59 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:38:58 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:38:46 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-11 13:38:46 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-09 04:25:40 -------- d-sh--w- C:\found.002
2013-07-04 14:40:10 -------- d-----w- C:\Users\Editha Teves\AppData\Local\InboxAce_1g
2013-07-01 22:28:40 -------- d-----w- C:\Program Files (x86)\SecretFeedback
2013-06-28 01:25:36 -------- d-----w- C:\Program Files (x86)\InboxAce_1g
.
==================== Find3M ====================
.
2013-06-27 01:35:46 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-06-12 13:44:26 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 13:44:26 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-08 14:17:54 35656 ----a-w- C:\windows\System32\LMIport.dll
2013-06-08 14:17:54 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2013-06-08 14:17:53 100680 ----a-w- C:\windows\System32\LMIinit.dll
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-21 12:53:10 1453872 ----a-w- C:\windows\System32\dmwu.exe
2013-05-21 12:52:14 33792 ----a-w- C:\windows\System32\ImHttpComm.dll
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:08:59.21 ===============

---------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2012 9:30:01 AM
System Uptime: 7/27/2013 5:57:21 PM (2 hours ago)
.
Motherboard: LENOVO | | Emerald Lake
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU | 1584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 655 GiB total, 599.239 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 26.24 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP95: 6/22/2013 11:31:45 AM - Scheduled Checkpoint
RP96: 7/1/2013 12:28:37 PM - Scheduled Checkpoint
RP97: 7/11/2013 5:40:11 PM - Windows Update
RP98: 7/18/2013 7:15:47 PM - Scheduled Checkpoint
RP99: 7/27/2013 6:00:51 PM - Windows Update
RP100: 7/27/2013 7:00:58 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
24x7 Help
Active Protection System
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Advanced Video FX Engine
AppGraffiti
AVG 2013
AVG SafeGuard toolbar
Best Buy pc app
BioExcess
BrowserDefender
Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
CyberLink YouCam
D3DX10
Delta Chrome Toolbar
Delta toolbar
DomaIQ
EgisTec ES603 WDM Driver
Energy Management
ES603 WDM Driver
FlashPlayer
FriendsChecker
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
IB Updater Service
iLivid
Inbox Toolbar
InboxAce Toolbar
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Intel® PROSet/Wireless WiMAX Software
Internet Explorer Toolbar 4.7 by SweetPacks
Junk Mail filter update
Lenovo EasyCamera
Lenovo EE Boot Optimizer
Lenovo OneKey Recovery
Lenovo Security Suite
LessTabs
LogMeIn
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
My Scrap Nook Toolbar
MyFunCards Toolbar
Norton PC Checkup
Optimizer Pro v3.0
PC Power Speed 1.0.0.24
Port Locker
Power2Go
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RebateInformer
Searchqu Toolbar
Secret Feedback
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 5.10
SocialSearchBar_App Toolbar
Supreme Savings
Synaptics Pointing Device Driver
UnfriendMonkey
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Updater By SweetPacks 2.0.0.609
VeriFace
Visual Studio 2010 x64 Redistributables
VLC media player 1.0.3
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/27/2013 5:51:42 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/25/2013 7:56:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Registry Service service to connect.
7/25/2013 7:56:44 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/24/2013 7:09:07 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 1726
7/24/2013 6:35:04 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BrowserDefendert service, but this action failed with the following error: An instance of the service is already running.
7/24/2013 6:34:34 AM, Error: Service Control Manager [7031] - The BrowserDefendert service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2013 10:26:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user JoseTeves-PC\Editha Teves SID (S-1-5-21-2248509849-1098968737-2228260666-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/23/2013 7:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user JoseTeves-PC\Guest SID (S-1-5-21-2248509849-1098968737-2228260666-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/22/2013 9:44:48 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
7/22/2013 9:44:38 PM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: %%-2147467243
7/22/2013 9:44:38 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%-2147467243
.
==== End Of File ===========================


------------------------------------------


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-27 19:27:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698.64GB
Running: m1orurn5.exe; Driver: C:\Users\EDITHA~1\AppData\Local\Temp\fwtyquoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033f2000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 614 fffff800033f2036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\user32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x59c628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x59c668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x59c5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x59c528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x59c728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x59c768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x59c6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x59c6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x59c468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x59c4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x59c428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x59c5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x59c568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x59c4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x713e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x713e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x713da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x713d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x713f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x713f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x713ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x713ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x713c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x713ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x713c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x713de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x713d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x713ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x113228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x113268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x1131a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x113128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x113328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x113368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x1132e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x1132a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x113068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x1130a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x113028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x1131e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x113168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x1130e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x11a228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x11a268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x11a1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x11a128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x11a328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x11a368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x11a2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x11a2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x11a068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x11a0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x11a028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x11a1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x11a168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x11a0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0xd63e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0xd63e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0xd63da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0xd63d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0xd63f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0xd63f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0xd63ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0xd63ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0xd63c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0xd63ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0xd63c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0xd63de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0xd63d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0xd63ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x724628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x724668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x7245a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x724528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x724728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x724768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x7246e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x7246a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x724468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x7244a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x724428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x7245e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x724568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x7244e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776a3ae0 5 bytes JMP 000000016ffe0110
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776a7a90 5 bytes JMP 000000016ffe00d8
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtClose 00000000776d1400 8 bytes JMP 000000016fff01f0
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776d1430 8 bytes JMP 000000016fff0180
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtQueryValueKey 00000000776d1480 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776d14e0 8 bytes JMP 000000016fff0148
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000776d1910 8 bytes JMP 000000016fff0110
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtDeleteKey 00000000776d1e70 8 bytes JMP 000000016fff0228
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000776d1ea0 8 bytes JMP 000000016fff0260
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776d2260 8 bytes JMP 000000016fff01b8
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\system32\ole32.DLL!CoCreateInstance 000007fefe6c7490 11 bytes JMP 000007fffe6900d8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!LoadLibraryExA] [7fef174c860] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryExA] [7fef174cf20] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryA] [7fef174d040] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryExW] [7fef174cfb0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryW] [7fef174d0d0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ole32.DLL[KERNEL32.dll!LoadLibraryA] [7fef174cbc0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ole32.DLL[KERNEL32.dll!LoadLibraryW] [7fef174cc50] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryA] [7fef174d4c0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryExA] [7fef174d3a0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryExW] [7fef174d430] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryW] [7fef174d550] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegDeleteKeyW] [7feee1cae90] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegSetValueExW] [7feee1cb030] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegQueryValueExW] [7feee1cb0e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryExA] [7fef174d160] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryExW] [7fef174d1f0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryA] [7fef174d280] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryW] [7fef174d310] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHRegGetUSValueW] [7feee1cb420] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHSetValueW] [7feee1cad20] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHDeleteKeyW] [7feee1cacb0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHRegSetUSValueW] [7feee1cb4e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryExW] [7fef174d8b0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryW] [7fef174d9d0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryA] [7fef174d940] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryExA] [7fef174d820] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryExA] [7fef174cce0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryExW] [7fef174cd70] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryW] [7fef174ce90] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[ADVAPI32.dll!RegQueryValueExW] [7feee1cb0e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[ADVAPI32.dll!RegSetValueExW] [7feee1cb030] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{90905B57-FBC8-4104-AABF-48F984044B5A}\Connection@Name isatap.{58DA0AF7-8A73-490B-9306-D20C0E2FAA55}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CDBF1A12-36DC-462F-B648-E9C0AD469705}\Connection@Name isatap.{9997D281-2D9C-4726-8D61-963461342A2A}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}?\Device\{CDBF1A12-36DC-462F-B648-E9C0AD469705}?\Device\{90905B57-FBC8-4104-AABF-48F984044B5A}?\Device\{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}?\Device\{86C24373-07DF-4388-AA05-770B16B1D6F7}?\Device\{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}?\Device\{3E973146-3A73-434D-9107-A100724F184B}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}"?"{CDBF1A12-36DC-462F-B648-E9C0AD469705}"?"{90905B57-FBC8-4104-AABF-48F984044B5A}"?"{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}"?"{86C24373-07DF-4388-AA05-770B16B1D6F7}"?"{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}"?"{3E973146-3A73-434D-9107-A100724F184B}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}?\Device\TCPIP6TUNNEL_{CDBF1A12-36DC-462F-B648-E9C0AD469705}?\Device\TCPIP6TUNNEL_{90905B57-FBC8-4104-AABF-48F984044B5A}?\Device\TCPIP6TUNNEL_{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}?\Device\TCPIP6TUNNEL_{86C24373-07DF-4388-AA05-770B16B1D6F7}?\Device\TCPIP6TUNNEL_{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}?\Device\TCPIP6TUNNEL_{3E973146-3A73-434D-9107-A100724F184B}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{90905B57-FBC8-4104-AABF-48F984044B5A}@InterfaceName isatap.{58DA0AF7-8A73-490B-9306-D20C0E2FAA55}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{90905B57-FBC8-4104-AABF-48F984044B5A}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDBF1A12-36DC-462F-B648-E9C0AD469705}@InterfaceName isatap.{9997D281-2D9C-4726-8D61-963461342A2A}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDBF1A12-36DC-462F-B648-E9C0AD469705}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10312
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)

---- EOF - GMER 2.1 ----
